IBM DataPower Gateway 10.0.3.0 up to and including 10.0.4.0, 10.0.1.0 up to and including 10.0.1.9, 2018.4.1.0 up to and including 2018.4.1.22, and 10.5.0.0 up to and including 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm datapower gateway |