Vulnerabilities > IBM > Datapower Gateway > 10.0.0.1

DATE CVE VULNERABILITY TITLE RISK
2021-06-07 CVE-2020-5008 Insecure Storage of Sensitive Information vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters.
network
low complexity
ibm CWE-922
5.0
5.0
2021-03-12 CVE-2020-4831 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Datapower Gateway 10.0.0.0/10.0.0.1/10.0.1.0
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
5.0
5.0
2021-03-08 CVE-2020-5014 Server-Side Request Forgery (SSRF) vulnerability in IBM Datapower Gateway
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack.
local
low complexity
ibm CWE-918
4.6
4.6