Vulnerabilities > IBM > Datapower Gateway > 7.1.0.2

DATE CVE VULNERABILITY TITLE RISK
2018-12-20 CVE-2018-1677 Improper Handling of Exceptional Conditions vulnerability in IBM Datapower Gateway
IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system.
local
low complexity
ibm CWE-755
5.5
5.5
2018-12-11 CVE-2018-1652 Improper Input Validation vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors.
local
low complexity
ibm CWE-20
5.5
5.5
2018-09-25 CVE-2018-1669 XXE vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
7.1
2018-09-25 CVE-2018-1664 Unspecified vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache.
local
low complexity
ibm
7.8
7.8
2018-04-04 CVE-2018-1421 XXE vulnerability in IBM Datapower Gateway
IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
7.1
2018-01-31 CVE-2017-1773 Insufficient Verification of Data Authenticity vulnerability in IBM Datapower Gateway
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic.
network
high complexity
ibm CWE-345
4.0
4.0
2017-09-28 CVE-2017-1591 Cross-site Scripting vulnerability in IBM Datapower Gateway
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1