Vulnerabilities > IBM > Datapower Gateway > 7.1.0.20

DATE CVE VULNERABILITY TITLE RISK
2018-12-20 CVE-2018-1677 Improper Handling of Exceptional Conditions vulnerability in IBM Datapower Gateway
IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of a full file system.
local
low complexity
ibm CWE-755
2.1
2018-09-25 CVE-2018-1669 XXE vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.5
2018-09-25 CVE-2018-1664 Unspecified vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache.
local
low complexity
ibm
2.1
2018-04-04 CVE-2018-1421 XXE vulnerability in IBM Datapower Gateway
IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
5.5
2018-01-31 CVE-2017-1773 Insufficient Verification of Data Authenticity vulnerability in IBM Datapower Gateway
IBM DataPower Gateways 7.1, 7.2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic.
network
ibm CWE-345
4.3
2015-11-08 CVE-2015-7412 Information Exposure vulnerability in IBM Datapower Gateway
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attack.
network
high complexity
ibm CWE-200
2.6