Vulnerabilities > IBM > Websphere Datapower Xc10 Appliance > 2.0.0.0

DATE CVE VULNERABILITY TITLE RISK
2012-11-23 CVE-2012-5759 Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Datapower Xc10 Appliance
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors.
network
low complexity
ibm CWE-264
critical
 9.0
9.0
2012-11-23 CVE-2012-5758 Improper Authentication vulnerability in IBM Websphere Datapower Xc10 Appliance
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors.
network
low complexity
ibm CWE-287
7.8
7.8
2012-11-23 CVE-2012-5756 Cryptographic Issues vulnerability in IBM Websphere Datapower Xc10 Appliance
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation.
network
ibm CWE-310
4.3
4.3