Vulnerabilities > IBM > Datapower Gateway > 2018.4.1.21

DATE CVE VULNERABILITY TITLE RISK
2022-11-22 CVE-2022-40228 Insufficient Session Expiration vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
5.4
5.4
2022-08-01 CVE-2022-31774 Cross-site Scripting vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2022-08-01 CVE-2022-31775 XXE vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
critical
 9.1
9.1
2022-08-01 CVE-2022-31776 Server-Side Request Forgery (SSRF) vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
8.8
8.8
2022-08-01 CVE-2022-32750 Cross-site Scripting vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4