Vulnerabilities > IBM > Datapower Gateway

DATE CVE VULNERABILITY TITLE RISK
2022-11-22 CVE-2022-40228 Insufficient Session Expiration vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
5.4
5.4
2022-08-26 CVE-2022-31773 Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway 10.0.2.0
IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
8.8
2022-08-01 CVE-2022-22326 Incorrect Authorization vulnerability in IBM products
IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks.
local
low complexity
ibm CWE-863
3.3
3.3
2022-08-01 CVE-2022-31774 Cross-site Scripting vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2022-08-01 CVE-2022-31775 XXE vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
 9.1
9.1
2022-08-01 CVE-2022-31776 Server-Side Request Forgery (SSRF) vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
8.8
8.8
2022-08-01 CVE-2022-32750 Cross-site Scripting vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2022-05-18 CVE-2021-38944 Cross-site Scripting vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-79
6.1
6.1
2022-05-17 CVE-2020-4994 Unspecified vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests.
network
low complexity
ibm
7.5
7.5
2022-05-17 CVE-2021-38872 Unspecified vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests.
network
low complexity
ibm
7.5
7.5