Vulnerabilities > IBM > Datapower Gateway > 7.1.0.20
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-20 | CVE-2018-1677 | Improper Handling of Exceptional Conditions vulnerability in IBM Datapower Gateway IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. | 2.1 |
2018-09-25 | CVE-2018-1669 | XXE vulnerability in IBM Datapower Gateway IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2018-09-25 | CVE-2018-1664 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. | 2.1 |
2018-04-04 | CVE-2018-1421 | XXE vulnerability in IBM Datapower Gateway IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2018-01-31 | CVE-2017-1773 | Insufficient Verification of Data Authenticity vulnerability in IBM Datapower Gateway IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. | 4.3 |
2015-11-08 | CVE-2015-7412 | Information Exposure vulnerability in IBM Datapower Gateway The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attack. | 2.6 |