Vulnerabilities > IBM > Datapower Gateway
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-21 | CVE-2020-4581 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. | 5.0 |
| 2020-09-21 | CVE-2020-4580 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. | 5.0 |
| 2020-09-21 | CVE-2020-4579 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. | 5.0 |
| 2020-03-19 | CVE-2020-4205 | Improper Authentication vulnerability in IBM Datapower Gateway IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revolked. | 6.5 |
| 2020-03-19 | CVE-2020-4203 | Information Exposure vulnerability in IBM Datapower Gateway IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. | 4.0 |
| 2019-12-09 | CVE-2019-4621 | Insecure Default Initialization of Resource vulnerability in IBM Datapower Gateway IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. | 6.8 |
| 2019-08-20 | CVE-2019-4294 | OS Command Injection vulnerability in IBM Datapower Gateway and MQ Appliance IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. | 7.8 |
| 2019-02-07 | CVE-2018-1666 | Unspecified vulnerability in IBM Datapower Gateway IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. | 4.0 |
| 2019-01-29 | CVE-2018-1668 | Improper Authentication vulnerability in IBM Datapower Gateway IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. | 5.0 |
| 2018-12-20 | CVE-2018-1677 | Improper Handling of Exceptional Conditions vulnerability in IBM Datapower Gateway IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. | 2.1 |