IBM Support

DataPower vulnerability information published in 2022

Question & Answer


Question

Is there any vulnerability information related to DataPower that was published in 2022?

Answer

The DataPower-related vulnerability information published in 2022 is listed below. (Updated 2022/12/17)
We recommend installing the Fix Pack/Firmware that contains the fix.
| Published | Title | CVSS base score | Fix level containing the fix |
|---|---|---|---|
| 2022/12/16 | Security Bulletin: IBM DataPower Gateway vulnerable to network state information leakage (CVE-2021-20322, CVE-2021-45485, CVE-2021-45486) | 6.2 | IBM DataPower Gateway: 10.5.0.3 |
| 2022/12/16 | Security Bulletin: UDP source port randomization flaw in IBM DataPower Gateway (CVE-2020-25705) | 7.4 | IBM DataPower Gateway: 10.0.1.11, 2018.4.1.24 |
| 2022/12/16 | Security Bulletin: IBM DataPower Gateway vulnerable to HTTP request smuggling (CVE-2022-35256) | 6.5 | IBM DataPower Gateway: 10.5.0.3, 10.0.1.11 |
| 2022/12/16 | Security Bulletin: IBM DataPower Gateway potentially affected by CPU side-channel (CVE-2022-21166) | 5.5 | IBM DataPower Gateway: 10.5.0.3 |
| 2022/12/16 | Security Bulletin: IBM DataPower Gateway vulnerable to network state information leakage (CVE-2021-20322, CVE-2021-45485, CVE-2021-45486) | 6.2 | IBM DataPower Gateway: 10.5.0.3 |
| 2022/12/16 | Security Bulletin: IBM DataPower Gateway subject to a memory leak in TCP source port generation (CVE-2022-1012) | 8.2 | IBM DataPower Gateway: 10.5.0.3 |
| 2022/11/21 | Security Bulletin: IBM DataPower Gateway potentially vulnerable to HTTP request smuggling | 6.5 | IBM DataPower Gateway: 10.5.0.2, 10.0.4.0sr2, 10.0.1.10 |
| 2022/11/21 | Security Bulletin: IBM DataPower Gateway does not invalidate active sessions on a password change (CVE-2022-40228) | 3.7 | IBM DataPower Gateway: 10.0.4.0sr2, 10.0.1.10, 2018.4.1.23 |
| 2022/10/31 | Security Bulletin: IBM DataPower Gateway vulnerable to a flaw in OpenSSL (CVE-2017-3732) | 5.3 | IBM DataPower Gateway: 2018.4.1.23 IT42112 |
| 2022/08/25 | Security Bulletin: IBM DataPower Gateway vulnerable to CSRF attack | 8.8 | IBM DataPower Gateway: 10.0.4.0sr2, 10.0.1.10, 2018.4.1.23 |
| 2022/08/18 | Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in ICU [CVE-2017-14952 and CVE-2020-10531] | 9.8 | IBM DataPower Gateway: 10.5.0.1, 10.0.1.9, 2018.4.1.22 |
| 2022/07/29 | Security Bulletin: IBM DataPower Gateway does not force a Gateway Peering password change | 6.5 | IBM DataPower Gateway: 10.5.0.1, 10.0.1.x, 2018.4.1.x |
| 2022/07/29 | Security Bulletin: IBM DataPower Gateway vulnerable to XSS | 5.4 | IBM DataPower Gateway: 10.5.0.1, 10.0.1.9, 2018.4.1.22 |
| 2022/07/29 | Security Bulletin: IBM DataPower Gateway may permit admin users to view and edit files that are not allowed to be read via RBM access rights (CVE-2022-22326) | 4 | IBM DataPower Gateway: 10.5.0.0, 10.0.1.6, 2018.4.1.19 |
| 2022/07/29 | Security Bulletin: IBM DataPower Gateway vulnerable to XML Entity Expansion attack in Web UI (CVE-2022-31775) | 5.5 | IBM DataPower Gateway: 10.5.0.1, 10.0.1.8, 2018.4.1.21 |
| 2022/07/29 | Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Redis | 4.3 | IBM DataPower Gateway: 10.5.0.1, 10.0.1.8, 2018.4.1.21 |
| 2022/07/29 | Security Bulletin: IBM DataPower Gateway affected by multiple vulnerabilities in Java | 5.3 | IBM DataPower Gateway: 10.5.0.1, 10.0.1.9, 2018.4.1.22 |
| 2022/07/29 | Security Bulletin: IBM DataPower Gateway affected by vulnerability in JSSE (CVE-2021-35603) | 3.7 | IBM DataPower Gateway: 10.5.0.0, 10.0.1.7, 2018.4.1.20 |
| 2022/07/29 | Security Bulletin: IBM DataPower Gateway potentially affected by various vulnerabilities in Node | 6.5 | IBM DataPower Gateway: 10.5.0.0/10.0.4.0sr, 10.0.1.7, 2018.4.1.x |
| 2022/07/29 | Security Bulletin: IBM DataPower Gateway affected by vulnerability in Node (CVE-2021-44531) | 5.3 | IBM DataPower Gateway: 10.5.0.0/10.0.4.0sr1, 10.0.1.7, 2018.4.1.x |
| 2022/07/29 | Security Bulletin: IBM DataPower Gateway may use weaker security than expected (CVE-2021-35550) | 5.9 | IBM DataPower Gateway: 10.5.0.0, 10.0.1.7, 2018.4.1.20 |
| 2022/07/29 | Security Bulletin: IBM DataPower Gateway affected by vulnerability in Java Runtime Environment (CVE-2021-35561) | 5.3 | IBM DataPower Gateway: 10.5.0.1, 10.0.1.9, 2018.4.1.22 |
| 2022/06/20 | Security Bulletin: DataPower Operator vulnerable to a Denial of Service (CVE-2022-23806) | 7.5 | IBM DataPower Operator 1.2: 1.2.7 (https://ibm.github.io/datapower-operator-doc/release-notes/eus/); IBM DataPower Operator 1.5: 1.5.1 (https://ibm.github.io/datapower-operator-doc/release-notes/cd/) |
| 2022/06/20 | Security Bulletin: Flaw in Go may affect DataPower Operator (CVE-2021-44717) | 4.8 | IBM DataPower Operator 1.2: 1.2.7 (https://ibm.github.io/datapower-operator-doc/release-notes/eus/); IBM DataPower Operator 1.5: 1.5.1 (https://ibm.github.io/datapower-operator-doc/release-notes/cd/) |
| 2022/06/20 | Security Bulletin: IBM DataPower Operator potentially vulnerable to Denial of Service (CVE-2021-44716) | 7.5 | IBM DataPower Operator 1.2: 1.2.7 (https://ibm.github.io/datapower-operator-doc/release-notes/eus/); IBM DataPower Operator 1.5: 1.5.1 (https://ibm.github.io/datapower-operator-doc/release-notes/cd/) |
| 2022/06/20 | Security Bulletin: IBM DataPower Operator affected by flaw in Go (CVE-2022-23773) | 5.3 | IBM DataPower Operator 1.2: 1.2.7 (https://ibm.github.io/datapower-operator-doc/release-notes/eus/); IBM DataPower Operator 1.5: 1.5.1 (https://ibm.github.io/datapower-operator-doc/release-notes/cd/) |
| 2022/06/20 | Security Bulletin: IBM DataPower Gateway affected by prototype pollution in DOJO (CVE-2021-23450) | 9.8 | IBM DataPower Gateway: 10.0.4.0sr1, 10.0.5.0, 10.0.1.6, 2018.4.1.19 |
| 2022/06/17 | Security Bulletin: Potential Denial of Service in IBM DataPower Gateway (CVE-2022-23806) | 7.5 | IBM DataPower Gateway: 10.0.5.0, 10.0.4.0sr1, 10.0.1.6sr1 |
| 2022/06/17 | Security Bulletin: Potential module resolution error in DataPower Operator | 5.3 | IBM DataPower Gateway: 10.0.5.0, 10.0.4.0sr1, 10.0.1.6sr1 |
| 2022/06/02 | Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Kerberos | 9 | IBM DataPower Gateway: 10.0.4.0, 10.0.1.5, 2018.4.1.18 |
| 2022/06/02 | Security Bulletin: IBM DataPower Gateway Virtual Edition uses out of date ICU libraries in open-vm-tools | 9.8 | IBM DataPower Gateway: 10.0.3.0, 10.0.1.4, 2018.4.1.18 |
| 2022/05/26 | Security Bulletin: IBM DataPower vulnerable to CSRF | 4.3 | IBM DataPower Gateway: 10.0.4.0, 10.0.1.5, 2018.4.1.18 |
| 2022/05/23 | Security Bulletin: IBM DataPower Gateway Operand affected by vulnerabilities in Go (CVE-2021-44716, CVE-2021-44717) | 7.5 | IBM DataPower Gateway: 10.0.4.0sr1, 10.5.0.0, 10.0.1.6 |
| 2022/05/23 | Security Bulletin: IBM DataPower Gateway potentially vulnerable to DNS spoofing | 5 | IBM DataPower Gateway: 10.0.4.0, 10.0.1.5 |
| 2022/05/23 | Security Bulletin: IBM DataPower Gateway affected by vulnerability in JRE | 5.3 | IBM DataPower Gateway: 10.0.4.0, 10.0.1.6, 2018.4.1.19 |
| 2022/05/17 | Security Bulletin: IBM DataPower Gateway: Update Redis to remediate two CVEs | 7.5 | IBM DataPower Gateway: 10.0.4.0sr1, 10.0.1.6, 2018.4.1.19 |
| 2022/05/17 | Security Bulletin: IBM DataPower Gateway vulnerable to temporary DoS | 5.3 | IBM DataPower Gateway: 10.0.4.0-SR1, 10.0.1.7, 2018.4.1.20 |
| 2022/05/17 | Security Bulletin: IBM DataPower Gateway vulnerable to HTTP header injection | 4.8 | IBM DataPower Gateway: 10.0.4.0, 10.0.1.6, 2018.4.1.19 |
| 2022/05/16 | Security Bulletin: IBM DataPower Gateway API Gateway component potentially vulnerable to a Denial of Service | 5.3 | IBM DataPower Gateway: 10.0.4.0, 10.0.1.5 |
| 2022/05/16 | Security Bulletin: IBM DataPower vulnerable to DoS | 5.3 | IBM DataPower Gateway: 10.0.1.5, 2018.4.1.18 |
| 2022/05/16 | Security Bulletin: Potential Denial of Service in IBM DataPower Gateway | 6.5 | IBM DataPower Gateway: 10.0.4.0, 10.0.1.3-SR, 10.0.1.5, 2018.4.1.18 |
| 2022/03/09 | Security Bulletin: IBM DataPower Gateway permits reflected JSON injection (CVE-2021-38910) | 3.7 | IBM DataPower Gateway: 10.0.4.0, 10.0.1.6, 2018.4.1.19 |
| 2022/03/02 | Security Bulletin: IBM DataPower affected by vulnerabilities in Node.js | 6.5 | IBM DataPower Gateway: 10.0.4.0, 10.0.1.6 |


Document Information

Modified date:
21 December 2022

UID

ibm16560939