Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
ibm

DataPower Gateway

42 Versions 26 CVEs

Versions

10.0.1.0

OTHER 13 CVEs

2018.4.1.16

OTHER 1 CVE

10.0.4.0

OTHER 6 CVEs

7.6.0.11

OTHER 2 CVEs

10.0.1.1

OTHER 1 CVE

2018.4.1.14

OTHER 2 CVEs

10.0.2.0

OTHER 9 CVEs

7.5.0.18

OTHER 1 CVE

2018.4.1.18

OTHER 2 CVEs

10.5.0.0

OTHER 5 CVEs

2018.4.1.17

OTHER 2 CVEs

2018.4.1.8

OTHER 2 CVEs

2108.4.1.18

OTHER 1 CVE

10.0.1.8

OTHER 1 CVE

7.6.0.0

OTHER 5 CVEs

10.1.0.8

OTHER 3 CVEs

2018.4.1.20

OTHER 1 CVE

7.5.2.18

OTHER 2 CVEs

7.7.0.0

OTHER 2 CVEs

7.5.0.0

OTHER 3 CVEs

2018.4.1.12

OTHER 4 CVEs

CD

OTHER 1 CVE

7.6.0.15

OTHER 1 CVE

10.0.1.5

OTHER 2 CVEs

7.5.2.17

OTHER 1 CVE

7.6.0.14

OTHER 1 CVE

7.5.1.0

OTHER 3 CVEs

10.0.1.4

OTHER 2 CVEs

10.1.0.5

OTHER 1 CVE

7.5.1.18

OTHER 2 CVEs

10.0.0.0

OTHER 4 CVEs

2018.4.1.0

OTHER 23 CVEs

7.5.1.17

OTHER 1 CVE

7.5.2.0

OTHER 3 CVEs

7.5.0.19

OTHER 2 CVEs

2018.4.1.6

OTHER 1 CVE

10.1.0.7

OTHER 1 CVE

10.0.3.0

OTHER 4 CVEs

7.6.0.10

OTHER 1 CVE

2018.4.1.5

OTHER 1 CVE

7.7.1.3

OTHER 2 CVEs

2018.4.1.21

OTHER 4 CVEs

Recent CVEs

CVE-2020-4994

IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906.

MEDIUM May 17, 2022

CVE-2020-4992

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737.

MEDIUM Aug 17, 2021

CVE-2020-4831

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965.

MEDIUM Mar 12, 2021

CVE-2020-4528

IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658.

MEDIUM Oct 06, 2020

CVE-2020-4581

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.

HIGH Sep 21, 2020

CVE-2020-4580

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439.

HIGH Sep 21, 2020

CVE-2020-4203

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956.

MEDIUM Mar 19, 2020

CVE-2019-4621

IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.

HIGH Dec 09, 2019

CVE-2019-4294

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188.

HIGH Aug 20, 2019

CVE-2018-1666

IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.

MEDIUM Feb 07, 2019