The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 up to and including 2.0.0.3 and 2.1.0.0 up to and including 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote malicious users to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere datapower xc10 appliance 2.1.0.2 |
||
ibm websphere datapower xc10 appliance 2.0.0.2 |
||
ibm websphere datapower xc10 appliance 2.0.0.3 |
||
ibm websphere datapower xc10 appliance 2.1.0.0 |
||
ibm websphere datapower xc10 appliance 2.1.0.1 |
||
ibm websphere datapower xc10 appliance 2.0.0.0 |
||
ibm websphere datapower xc10 appliance 2.0.0.1 |