Vulnerabilities > IBM > Datapower Gateway > 7.1.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-20 | CVE-2018-1677 | Improper Handling of Exceptional Conditions vulnerability in IBM Datapower Gateway IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. | 5.5 |
2018-12-11 | CVE-2018-1652 | Improper Input Validation vulnerability in IBM Datapower Gateway IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. | 5.5 |
2018-09-25 | CVE-2018-1669 | XXE vulnerability in IBM Datapower Gateway IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2018-09-25 | CVE-2018-1664 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. | 7.8 |
2018-04-04 | CVE-2018-1421 | XXE vulnerability in IBM Datapower Gateway IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2018-01-31 | CVE-2017-1773 | Insufficient Verification of Data Authenticity vulnerability in IBM Datapower Gateway IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. | 4.0 |
2017-09-28 | CVE-2017-1591 | Cross-site Scripting vulnerability in IBM Datapower Gateway IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. | 6.1 |