Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm datapower gateway vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-32750
IBM DataPower Gateway 10.0.2.0 up to and including 10.0.4.0, 10.0.1.0 up to and including 10.0.1.8, 10.5.0.0, and 2018.4.1.0 up to and including 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu...
Ibm Datapower Gateway
Ibm Datapower Gateway 10.5.0.0
4
CVSSv2
CVE-2020-4203
IBM DataPower Gateway 2018.4.1.0 up to and including 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956.
Ibm Datapower Gateway
4.6
CVSSv2
CVE-2020-5014
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.
Ibm Datapower Gateway
1 Github repository
NA
CVE-2022-40228
IBM DataPower Gateway 10.0.3.0 up to and including 10.0.4.0, 10.0.1.0 up to and including 10.0.1.9, 2018.4.1.0 up to and including 2018.4.1.22, and 10.5.0.0 up to and including 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user t...
Ibm Datapower Gateway
5
CVSSv2
CVE-2020-4831
IBM DataPower Gateway 10.0.0.0 up to and including 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an malicious user to decrypt highly sensitive information. IBM X-Force ID: 189965.
Ibm Datapower Gateway
4.3
CVSSv2
CVE-2017-1773
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.
Ibm Datapower Gateway
2.6
CVSSv2
CVE-2015-7412
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x prior to 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote malicious users to obtain plaintext data v...
Ibm Datapower Gateway
5
CVSSv2
CVE-2020-5008
IBM DataPower Gateway 10.0.0.0 up to and including 10.0.1.0 and 2018.4.1.0 up to and including 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer hea...
Ibm Datapower Gateway
6.5
CVSSv2
CVE-2020-4205
IBM DataPower Gateway 2018.4.1.0 up to and including 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revolked. IBM X-Force ID: 174961.
Ibm Datapower Gateway
5
CVSSv2
CVE-2020-4579
IBM DataPower Gateway 2018.4.1.0 up to and including 2018.4.1.12 could allow a remote malicious user to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438.
Ibm Datapower Gateway
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »