Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm datapower gateway vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-31776
IBM DataPower Gateway 10.0.2.0 up to and including 10.0.4.0, 10.0.1.0 up to and including 10.0.1.8, 10.5.0.0, and 2018.4.1.0 up to and including 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated malicious user to send unauthorized re...
Ibm Datapower Gateway
Ibm Datapower Gateway 10.5.0.0
5.5
CVSSv2
CVE-2018-1421
IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Fo...
Ibm Datapower Gateway
6.8
CVSSv2
CVE-2018-1661
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an malicious user to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887.
Ibm Datapower Gateway
5
CVSSv2
CVE-2018-1665
IBM DataPower Gateway 7.6.0.0 up to and including 7.6.0.10, 7.5.2.0 up to and including 7.5.2.17, 7.5.1.0 up to and including 7.5.1.17, 7.5.0.0 up to and including 7.5.0.18, and 7.7.0.0 up to and including 7.7.1.3 uses weaker than expected cryptographic algorithms that could allo...
Ibm Datapower Gateway
2.6
CVSSv2
CVE-2015-7412
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x prior to 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote malicious users to obtain plaintext data v...
Ibm Datapower Gateway
6.5
CVSSv2
CVE-2020-4205
IBM DataPower Gateway 2018.4.1.0 up to and including 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revolked. IBM X-Force ID: 174961.
Ibm Datapower Gateway
4.3
CVSSv2
CVE-2020-4992
IBM DataPower Gateway 2018.4.1.0 up to and including 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an malicious user to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737.
Ibm Datapower Gateway
5
CVSSv2
CVE-2020-5008
IBM DataPower Gateway 10.0.0.0 up to and including 10.0.1.0 and 2018.4.1.0 up to and including 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer hea...
Ibm Datapower Gateway
4.6
CVSSv2
CVE-2020-5014
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.
Ibm Datapower Gateway
1 Github repository
6.8
CVSSv2
CVE-2019-4621
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 up to and including 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 16...
Ibm Datapower Gateway
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »