Vulnerabilities > IBM > Datapower Gateway > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-26 CVE-2022-31773 Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway 10.0.2.0
IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2022-08-01 CVE-2022-31776 Server-Side Request Forgery (SSRF) vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
8.8
2022-05-17 CVE-2020-4994 Unspecified vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests.
network
low complexity
ibm
7.5
2022-05-17 CVE-2021-38872 Unspecified vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests.
network
low complexity
ibm
7.5
2021-03-12 CVE-2020-4831 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Datapower Gateway 10.0.0.0/10.0.0.1/10.0.1.0
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2020-09-21 CVE-2020-4581 Unspecified vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request.
network
low complexity
ibm
7.5
2020-09-21 CVE-2020-4580 Unspecified vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted JSON request with invalid characters.
network
low complexity
ibm
7.5
2020-09-21 CVE-2020-4579 Unspecified vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters.
network
low complexity
ibm
7.5
2019-08-20 CVE-2019-4294 OS Command Injection vulnerability in IBM Datapower Gateway and MQ Appliance
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability.
local
low complexity
ibm CWE-78
7.8
2019-01-29 CVE-2018-1668 Improper Authentication vulnerability in IBM Datapower Gateway
IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allow "null" logins which could give read access to IPMI data to obtain sensitive information.
network
low complexity
ibm CWE-287
7.5