CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4621
https://notcve.org/view.php?id=CVE-2019-4621
09 Dec 2019 — IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883. IBM DataPower Gateway versiones 7.6.0.0-7 hasta 6.0.14 y versiones 2018.4.1.0 hasta 2018.4.1.5, presentan una cuenta de administrador predeterminada que está habilitada si el canal LAN de IPMI está habilitado. Un atacante remoto podría ut... • https://exchange.xforce.ibmcloud.com/vulnerabilities/168883 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2019-4294
https://notcve.org/view.php?id=CVE-2019-4294
20 Aug 2019 — IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. IBM DataPower Gateway 2018.4.1.0 a 2018.4.1.6, 7.6.0.0 a 7.6.0.15 e IBM MQ Appliance 8.0.0.0 a 8.0.0.12, 9.1.0.0 a 9.1.0.2 y 9.1.1 a 9.1.2 podría permitir que un atacante local ejecute comandos ar... • https://exchange.xforce.ibmcloud.com/vulnerabilities/160701 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1666
https://notcve.org/view.php?id=CVE-2018-1666
07 Feb 2019 — IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892. IBM DataPower Gateway, en su versión 2018.4.1.0, desde la versión 7.6.0.0 hasta la 7.6.0.11, desde la 7.5.2.0 hasta la 7.5.2.18, desde la 7.5.1.0 hasta la 7.5.1.18, desde la 7.5.0.0 hasta la 7.5.0.19 y desde la 7.7.0.0 hasta... • https://exchange.xforce.ibmcloud.com/vulnerabilities/144892 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1668
https://notcve.org/view.php?id=CVE-2018-1668
29 Jan 2019 — IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894. IBM DataPower Gateway, desde la versión 7.5.0.0 hasta la 7.5.0.19, desde la 7.5.1.0 hasta la 7.5.1.18, desde la 7.5.2.0 hasta la 7.5.2.18 y desde la 7.6.0.0 hasta la 7.6.0.11, permite inicios de sesión "null", que podrían otorgar acceso de lectura a da... • https://exchange.xforce.ibmcloud.com/vulnerabilities/144894 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1661
https://notcve.org/view.php?id=CVE-2018-1661
20 Dec 2018 — IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887. IBM DataPower Gateways 7.5, 7.5.1, 7.5.2 y 7.6 es vulnerable a ataques Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web confía. IBM X-Force ID: 144887. • http://www.securityfocus.com/bid/106329 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1677
https://notcve.org/view.php?id=CVE-2018-1677
20 Dec 2018 — IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. A local attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 145171. IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6 y 7.7 así como IBM MQ Appliance, son vulnerables a una denegación de servicio (DoS) provocada por el manejo incorrecto de un sistema de archivos completo. Un atacante local p... • http://www.securityfocus.com/bid/106284 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1665
https://notcve.org/view.php?id=CVE-2018-1665
13 Dec 2018 — IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144891. IBM DataPower Gateway, desde la versión 7.6.0.0 hasta la 7.6.0.10, desde la versión 7.5.2.0 hasta la 7.5.2.17, desde la versión 7.5.1.0 hasta la 7.5.1.17, desde la versión 7.5.0.0 hasta la 7.5.0.18 y desde la vers... • http://www.ibm.com/support/docview.wss?uid=ibm10744195 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1667
https://notcve.org/view.php?id=CVE-2018-1667
13 Dec 2018 — IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and 7.7.0.0 through 7.7.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144893. IBM DataPower Gateway, desde la versión 7.6.0.0 hasta la 7.6.0.10, desde la versión 7.5.2.0 hasta la ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/144893 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1652
https://notcve.org/view.php?id=CVE-2018-1652
11 Dec 2018 — IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724. IBM DataPower Gateway desde la versión 7.1.0.0 hasta la 7.1.0.19, desde la 7.2.0.0 hasta la 7.2.0.16, desde la 7.5.0.0 hasta la 7.5.0.10, desde la 7.5.1.0 hasta l... • https://exchange.xforce.ibmcloud.com/vulnerabilities/144724 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1663
https://notcve.org/view.php?id=CVE-2018-1663
07 Dec 2018 — IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889. IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6 y 2018.4 podría permitir que un atacante remoto obtenga información sensible, provocado por la imposibilidad de habilitar correctamente... • http://www.securityfocus.com/bid/106199 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •