Vulnerabilities > IBM > Datapower Gateway
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2021-38910 | Improper Input Validation vulnerability in IBM Datapower Gateway IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. | 5.3 |
| 2021-08-17 | CVE-2020-4992 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2021-06-07 | CVE-2020-5008 | Insecure Storage of Sensitive Information vulnerability in IBM Datapower Gateway IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. | 5.3 |
| 2021-03-12 | CVE-2020-4831 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Datapower Gateway 10.0.0.0/10.0.0.1/10.0.1.0 IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-03-08 | CVE-2020-5014 | Server-Side Request Forgery (SSRF) vulnerability in IBM Datapower Gateway IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. | 6.7 |
| 2020-10-06 | CVE-2020-4528 | Unspecified vulnerability in IBM Datapower Gateway IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. | 5.5 |
| 2020-09-21 | CVE-2020-4581 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. | 7.5 |
| 2020-09-21 | CVE-2020-4580 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. | 7.5 |
| 2020-09-21 | CVE-2020-4579 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. | 7.5 |
| 2020-03-19 | CVE-2020-4205 | Improper Authentication vulnerability in IBM Datapower Gateway IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revolked. | 6.3 |