CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2019-4294
https://notcve.org/view.php?id=CVE-2019-4294
20 Aug 2019 — IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. IBM DataPower Gateway 2018.4.1.0 a 2018.4.1.6, 7.6.0.0 a 7.6.0.15 e IBM MQ Appliance 8.0.0.0 a 8.0.0.12, 9.1.0.0 a 9.1.0.2 y 9.1.1 a 9.1.2 podría permitir que un atacante local ejecute comandos ar... • https://exchange.xforce.ibmcloud.com/vulnerabilities/160701 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1677
https://notcve.org/view.php?id=CVE-2018-1677
20 Dec 2018 — IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171. IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6 y 7.7 así como IBM MQ Appliance, son vulnerables a una denegación de servicio (DoS) provocada por el manejo incorrecto de un sistema de archivos completo. Un atacante local p... • http://www.securityfocus.com/bid/106284 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1652
https://notcve.org/view.php?id=CVE-2018-1652
11 Dec 2018 — IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724. IBM DataPower Gateway desde la versión 7.1.0.0 hasta la 7.1.0.19, desde la 7.2.0.0 hasta la 7.2.0.16, desde la 7.5.0.0 hasta la 7.5.0.10, desde la 7.5.1.0 hasta l... • https://exchange.xforce.ibmcloud.com/vulnerabilities/144724 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1664
https://notcve.org/view.php?id=CVE-2018-1664
25 Sep 2018 — IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. IBM X-Force ID: 144890. En IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15 y 7.6.0.0 - 7.6.0.8, así como IBM DataPower Gateway CD 7.7.0.0 -... • https://exchange.xforce.ibmcloud.com/vulnerabilities/144890 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1669
https://notcve.org/view.php?id=CVE-2018-1669
25 Sep 2018 — IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950. IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0... • https://exchange.xforce.ibmcloud.com/vulnerabilities/144950 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1421
https://notcve.org/view.php?id=CVE-2018-1421
04 Apr 2018 — IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023. Las versiones 7.1, 7.2, 7.5, 7.5.1, 7.5.2 y 7.6 de IBM WebSphere DataPower Appliances son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar es... • http://www.ibm.com/support/docview.wss?uid=swg22015055 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1773
https://notcve.org/view.php?id=CVE-2017-1773
31 Jan 2018 — IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817. IBM DataPower Gateways 7.1, 7,2, 7.5 y 7.6 podría permitir que un atacante que emplee técnicas de Man-in-the-Middle (MitM) suplante las respuestas DNS para realizar envenenamiento de caché DNS y redireccionar el tráfico de Internet. IBM X-Force ID: 136817. • http://www.ibm.com/support/docview.wss?uid=swg22012758 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.1EPSS: 0%CPEs: 84EXPL: 0CVE-2017-1591
https://notcve.org/view.php?id=CVE-2017-1591
27 Sep 2017 — IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368. IBM WebSphere DataPower Appliances versión 7.0.0 hasta 7.6, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la i... • http://www.ibm.com/support/docview.wss?uid=swg22008815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 36EXPL: 0CVE-2015-7427
https://notcve.org/view.php?id=CVE-2015-7427
14 Nov 2015 — IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. Dispositivos IBM DataPower Gateway con firmware 6.x en versiones anteriores a 6.0.0.17, 6.0.1.x en versiones anteriores a 6.0.1.17, 7.x en versiones a... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT10279 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7412
https://notcve.org/view.php?id=CVE-2015-7412
08 Nov 2015 — The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attack. Los módulos GatewayScript en IBM DataPower Gateways con software 7.2.0.x en versiones anteriores a 7.2.0.1, cuando la API de descifrado GatewayScript o una acción de descifrado JWE está activada, no requiere dato... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT10701 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •