Vulnerabilities > IBM > Datapower Gateway > 10.0.2.0

DATE CVE VULNERABILITY TITLE RISK
2022-08-26 CVE-2022-31773 Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway 10.0.2.0
IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
8.8
2022-08-01 CVE-2022-22326 Incorrect Authorization vulnerability in IBM products
IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks.
local
low complexity
ibm CWE-863
3.3
3.3
2022-08-01 CVE-2022-31774 Cross-site Scripting vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2022-08-01 CVE-2022-31775 XXE vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
 9.1
9.1
2022-08-01 CVE-2022-31776 Server-Side Request Forgery (SSRF) vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
8.8
8.8
2022-08-01 CVE-2022-32750 Cross-site Scripting vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2022-05-18 CVE-2021-38944 Cross-site Scripting vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-79
6.1
6.1
2022-05-17 CVE-2021-38872 Unspecified vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests.
network
low complexity
ibm
7.5
7.5
2022-03-10 CVE-2021-38910 Improper Input Validation vulnerability in IBM Datapower Gateway
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input.
network
low complexity
ibm CWE-20
5.3
5.3
2019-08-20 CVE-2019-4294 OS Command Injection vulnerability in IBM Datapower Gateway and MQ Appliance
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability.
local
low complexity
ibm CWE-78
7.8
7.8