Vulnerabilities > IBM > Datapower Gateway > 10.0.3.0
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-11-22 | CVE-2022-40228 | Insufficient Session Expiration vulnerability in IBM Datapower Gateway | IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. | 5.4 |
2022-08-01 | CVE-2022-22326 | Incorrect Authorization vulnerability in IBM products | IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. | 3.3 |
2022-05-18 | CVE-2021-38944 | Cross-site Scripting vulnerability in IBM Datapower Gateway | IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.1 |
2022-05-17 | CVE-2021-38872 | Unspecified vulnerability in IBM Datapower Gateway | IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. | 7.5 |
2022-03-10 | CVE-2021-38910 | Improper Input Validation vulnerability in IBM Datapower Gateway | IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. | 5.3 |