Vulnerabilities > IBM > Datapower Gateway > 10.0.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-18 | CVE-2021-38944 | Cross-site Scripting vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 4.3 |
2022-05-17 | CVE-2021-38872 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. | 5.0 |
2022-03-10 | CVE-2021-38910 | Improper Input Validation vulnerability in IBM Datapower Gateway IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. | 5.0 |
2019-08-20 | CVE-2019-4294 | OS Command Injection vulnerability in IBM Datapower Gateway and MQ Appliance IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. | 7.8 |