Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm datapower gateway vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-1663
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote malicious user to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information usi...
Ibm Datapower Gateway 2018.4
Ibm Datapower Gateway
2.1
CVSSv2
CVE-2018-1664
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credential...
Ibm Datapower Gateway
5.5
CVSSv2
CVE-2018-1669
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML...
Ibm Datapower Gateway
5.5
CVSSv2
CVE-2018-1421
IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Fo...
Ibm Datapower Gateway
4.3
CVSSv2
CVE-2017-1773
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.
Ibm Datapower Gateway
4.3
CVSSv2
CVE-2017-1591
IBM WebSphere DataPower Appliances 7.0.0 up to and including 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
Ibm Datapower Gateway 7.5.1.6
Ibm Datapower Gateway 7.5.1.5
Ibm Datapower Gateway 7.5.1.4
Ibm Datapower Gateway 7.5.1.3
Ibm Datapower Gateway 7.2.0.15
Ibm Datapower Gateway 7.2.0.14
Ibm Datapower Gateway 7.2.0.13
Ibm Datapower Gateway 7.2.0.12
Ibm Datapower Gateway 7.1.0.17
Ibm Datapower Gateway 7.1.0.16
Ibm Datapower Gateway 7.1.0.15
Ibm Datapower Gateway 7.1.0.14
Ibm Datapower Gateway 7.1.0.1
Ibm Datapower Gateway 7.1.0.0
Ibm Datapower Gateway 7.0.0.19
Ibm Datapower Gateway 7.0.0.18
Ibm Datapower Gateway 7.0.0.17
Ibm Datapower Gateway 7.0.0.4
Ibm Datapower Gateway 7.0.0.3
Ibm Datapower Gateway 7.0.0.2
Ibm Datapower Gateway 7.0.0.1
Ibm Datapower Gateway 7.5.2.5
5
CVSSv2
CVE-2015-7427
IBM DataPower Gateway appliances with firmware 6.x prior to 6.0.0.17, 6.0.1.x prior to 6.0.1.17, 7.x prior to 7.0.0.10, 7.1.0.x prior to 7.1.0.7, and 7.2.x prior to 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote ma...
Ibm Datapower Gateway 6.0.1.12
Ibm Datapower Gateway 6.0.1.13
Ibm Datapower Gateway 6.0.1.14
Ibm Datapower Gateway 6.0.1.15
Ibm Datapower Gateway 7.1.0.2
Ibm Datapower Gateway 7.1.0.3
Ibm Datapower Gateway 7.1.0.4
Ibm Datapower Gateway 7.1.0.5
Ibm Datapower Gateway
Ibm Datapower Gateway 6.0.1.1
Ibm Datapower Gateway 6.0.1.3
Ibm Datapower Gateway 6.0.1.8
Ibm Datapower Gateway 6.0.1.10
Ibm Datapower Gateway 7.0.0.0
Ibm Datapower Gateway 7.0.0.2
Ibm Datapower Gateway 7.0.0.7
Ibm Datapower Gateway 7.0.0.9
Ibm Datapower Gateway 7.1.0.1
Ibm Datapower Gateway 7.1.0.6
Ibm Datapower Gateway 6.0.1.4
Ibm Datapower Gateway 6.0.1.5
Ibm Datapower Gateway 6.0.1.6
2.6
CVSSv2
CVE-2015-7412
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x prior to 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote malicious users to obtain plaintext data v...
Ibm Datapower Gateway
4.3
CVSSv2
CVE-2013-0499
Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote malicious users to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firew...
Ibm Websphere Datapower Xc10 Appliance Firmware 3.8.2
Ibm Websphere Datapower Xc10 Appliance Firmware 4.0
Ibm Websphere Datapower Xc10 Appliance Firmware 4.0.1
Ibm Websphere Datapower Xc10 Appliance Firmware 4.0.2
Ibm Websphere Datapower Xc10 Appliance Firmware 5.0.0
Ibm Websphere Datapower Xc10 Appliance -
Ibm Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware 5.0.0
Ibm Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware 4.0.1
Ibm Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware 4.0.2
Ibm Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware 3.8.2
Ibm Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware 4.0
Ibm Websphere Datapower Service Gateway Xg45 Virtual Edition -
Ibm Websphere Datapower Service Gateway Xg45 Firmware 5.0.0
Ibm Websphere Datapower Service Gateway Xg45 Firmware 3.8.2
Ibm Websphere Datapower Service Gateway Xg45 Firmware 4.0.1
Ibm Websphere Datapower Service Gateway Xg45 Firmware 4.0.2
Ibm Websphere Datapower Service Gateway Xg45 Firmware 4.0
Ibm Websphere Datapower Service Gateway Xg45 -
Ibm Websphere Datapower Integration Appliance Xi52 Virtual Edition Firmware 5.0.0
Ibm Websphere Datapower Integration Appliance Xi52 Virtual Edition Firmware 3.8.2
Ibm Websphere Datapower Integration Appliance Xi52 Virtual Edition Firmware 4.0.1
Ibm Websphere Datapower Integration Appliance Xi52 Virtual Edition Firmware 4.0.2
5
CVSSv2
CVE-2010-1612
The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances prior to 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote malicious users to cause a denial of...
Ibm Websphere Datapower Xml Accelerator Xa35 3.7.3.6
Ibm Websphere Datapower Xml Accelerator Xa35 3.7.3.5
Ibm Websphere Datapower Xml Accelerator Xa35
Ibm Websphere Datapower Xml Accelerator Xa35 3.8.0.4
Ibm Websphere Datapower Xml Accelerator Xa35 3.8.0.2
Ibm Websphere Datapower Xml Accelerator Xa35 3.8.0.1
Ibm Websphere Datapower Xml Accelerator Xa35 3.7.3.4
Ibm Websphere Datapower Xml Accelerator Xa35 3.7.3.3
Ibm Websphere Datapower Xml Accelerator Xa35 3.8.0.3
Ibm Websphere Datapower Xml Accelerator Xa35 3.7.3.8
Ibm Websphere Datapower Xml Accelerator Xa35 3.7.3.7
Ibm Websphere Datapower Xml Accelerator Xa35 3.7.3
Ibm Websphere Datapower Xml Accelerator Xa35 3.7.2
Ibm Websphere Datapower Xml Accelerator Xa35 3.8.0.0
Ibm Websphere Datapower Xml Accelerator Xa35 3.7.3.9
Ibm Websphere Datapower Xml Accelerator Xa35 3.7.3.2
Ibm Websphere Datapower Xml Accelerator Xa35 3.7.3.1
Ibm Websphere Datapower Xml Security Gateway Xs40 3.8.0.2
Ibm Websphere Datapower Xml Security Gateway Xs40 3.8.0.1
Ibm Websphere Datapower Xml Security Gateway Xs40 3.7.3.4
Ibm Websphere Datapower Xml Security Gateway Xs40 3.7.3.2
Ibm Websphere Datapower Xml Security Gateway Xs40 3.8.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »