IBM Support

2020年に公開された DataPower に関する脆弱性情報

Question & Answer


Question

2020年に公開されたDataPower に関連する脆弱性情報はありますか?

Answer

2020年に公開された DataPower 関連の脆弱性情報は以下のとおりです。(2020/10/06更新)
修正が含まれるFix Pack/Firmwareの導入をお勧めいたします。
公開日 タイトル
CVSS
基本値
 修正が含まれるfixレベル
2020/10/05 Security Bulletin: IBM DataPower Gateway may allow a potential DoS when importing malicious ZIP files (CVE-2019-13232) 3.3
IBM
2018.4.1.13
DataPower Gateway 10.0.0.1
2020/10/05 Security Bulletin: IBM DataPower Gateway is potentially vulnerable to a Denial of Service (CVE-2020-14147) 5.3
IBM 2018.4.1.13
DataPower Gateway 10.0.0.1
2020/10/05 Security Bulletin: IBM DataPower Gateway can expose remote credentials to local users (CVE-2020-4528) 5.9
IBM 2018.4.1.13
DataPower Gateway 10.0.0.1
2020/09/18 Security Bulletin: Denial of Service with HTTP/2 in IBM DataPower Gateway (CVE-2020-4579) 7.5
IBM 2018.4.1.13
DataPower Gateway
2020/09/18 Security Bulletin: Denial of Service in IBM DataPower Gateway (CVE-2020-4580) 7.5
IBM 2018.4.1.13
DataPower Gateway
2020/09/18 Security Bulletin: Denial of Service with HTTP/2 in IBM DataPower Gateway (CVE-2020-4581) 7.5
IBM 2018.4.1.13
DataPower Gateway
2020/05/20 Security Bulletin: IBM DataPower Gateway affected by multiple vulnerabilities in Dojo 7.5
IBM 2018.4.1.11
DataPower Gateway
2020/05/20 Security Bulletin: IBM DataPower Gateway affected by vulnerability in OpenSSL (CVE-2019-1551) 6.8
IBM 2018.4.11
DataPower Gateway
2020/05/20 Security Bulletin: IBM DataPower Gateway affected by a vulnerability in Java Runtime (CVE-2020-2654) 3.7
IBM 2018.4.1.11 
DataPower Gateway
2020/05/20 Security Bulletin: IBM DataPower Gateway affected by multiple CVEs in Node.js (CVE-2019-15604) 5.3
IBM 2018.4.1.11
DataPower Gateway
2020/05/20 Security Bulletin: IBM DataPower Gateway affected by multiple CVEs in Node.js (CVE-2019-15605 CVE-2019-15606) 6.5
IBM 2018.4.1.11
DataPower Gateway
2020/05/20 Security Bulletin: IBM DataPower Gateway affected by XSS vulnerability (CVE-2019-10785) 6.1
IBM 2018.4.1.11
DataPower Gateway
2020/05/20 Security Bulletin: IBM DataPower Gateway affected by multiple vulnerabilities in Java Runtime 4.8
IBM 2018.4.1.11
DataPower Gateway
2020/05/20 Security Bulletin: IBM DataPower Gateway affected by IBM MQ vulnerability (CVE-2019-4614) 5.3
IBM 2018.4.1.11
DataPower Gateway
2020/03/18 Security Bulletin: IBM DataPower Gateway is potentially vulnerable to a DoS issue when processing regular expressions (CVE-2017-16231) 3.3
IBM 2018.4.1.10
DataPower Gateway
2020/03/18 Security Bulletin: Potential exposure of sensitive data in IBM DataPower Gateway (CVE-2020-4203) 4.9
IBM 2018.4.1.10
IT31083
DataPower Gateway
2020/03/18 Security Bulletin: Certificates not removed from DataPower ValCred when updating corresponding APIc truststore (CVE-2020-4205) 5.0
IBM 2018.4.1.9
DataPower Gateway
2020/03/16 Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM DataPower Gateway 6.8
IBM 2018.4.1.10
DataPower Gateway
2020/01/02 Security Bulletin: IBM DataPower Gateway is potentially vulnerable to two cryptographic side-channel vulnerabilities in SSL. 5.5
IBM 7.6.0.18
DataPower Gateway 2018.4.1.9
2020/01/02 Security Bulletin: Potential side-channel cryptographic vulnerabilities in IBM DataPower Gateway 5.1
IBM 7.6.0.18 IT30949
DataPower Gateway 2018.4.1.9
2020/01/02 Security Bulletin: Vulnerabities in SSL in IBM DataPower Gateway 5.8
IBM 7.6.0.18 IT30948
DataPower Gateway 2018.4.1.9
2020/01/02 Security Bulletin: Potential disclosure of information in IBM DataPower Gateway (CVE-2018-14348) 5.3
IBM 7.6.0.18 IT30947
DataPower Gateway 2018.4.1.9

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
08 June 2021

UID

ibm11168576

Page Feedback