Vulnerabilities > CVE-2020-5014 - Server-Side Request Forgery (SSRF) vulnerability in IBM Datapower Gateway

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

ibm

CWE-918

NVD

Published: 2021-03-08

Updated: 2021-03-16

Summary

IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Datapower Gateway 10.0.0.0 IBM Datapower Gateway 10.0.0.1 IBM Datapower Gateway 10.0.1.0 IBM Datapower Gateway 2018.4.1.0 IBM Datapower Gateway 2018.4.1.1 IBM Datapower Gateway 2018.4.1.2 IBM Datapower Gateway 2018.4.1.3 IBM Datapower Gateway 2018.4.1.4 IBM Datapower Gateway 2018.4.1.5 IBM Datapower Gateway 2018.4.1.6 IBM Datapower Gateway 2018.4.1.7 IBM Datapower Gateway 2018.4.1.8 IBM Datapower Gateway 2018.4.1.12	14

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References