IBM Support

2024年に公開された DataPower に関する脆弱性情報

Question & Answer


Question

2024年に公開されたDataPower に関連する脆弱性情報はありますか?

Answer

2024年に公開された DataPower 関連の脆弱性情報は以下のとおりです。(2024/06/25更新)
修正が含まれるFix Pack/Firmwareの導入をお勧めいたします。
公開日 タイトル
CVSS
基本値
 修正が含まれるfixレベル
2024/06/24 Security Bulletin: IBM DataPower Gateway is vulnerable to denial of service due to Golang Go 5.9
IBM
10.6.0.0
DataPower
10.5.0.11
Gateway 10.0.1.19
DataPower Operations Dashboard 1.6/1.7/1.8/1.9
1.6.14
1.10.1
1.11.0
2024/05/14
 Security Bulletin: IBM DataPower Gateway vulnerable to DOS in OpenSSL (CVE-2024-0727) 3.1
IBM
10.5.4
DataPower
10.5.0.11
Gateway 10.0.1.19
2024/05/14 Security Bulletin: IBM DataPower Gateway Virtual Edition affected by bypass vulnerability in Open VM Tools 3.9
IBM
10.0.1.19
DataPower
Gateway
2024/05/14 Security Bulletin: IBM DataPower Gateway vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795) 5.9
IBM
10.5.4
DataPower
10.5.0.11
Gateway 10.0.1.19
2024/04/26 Security Bulletin: IBM Datapower Operations Dashboard could allow HTTP request smuggling CVE-2023-46589 6.5
DataPower Operations Dashboard
1.0.20.2
2024/04/22 Security Bulletin: IBM Datapower Operations Dashboard could be vulnerable to a denial of service CVE-2023-51074 5.3
DataPower Operations Dashboard
1.0.20.2
2024/04/04 Security Bulletin: Multiple vulnerabilities in IBM DataPower Gateway 7.5
IBM
10.5.4
DataPower
10.5.0.10
Gateway 10.0.1.18
2024/04/01 Security Bulletin: IBM DataPower affected by vulnerability in Go (CVE-2023-39326) 5.3
IBM
10.5.4
DataPower
10.5.0.10
Gateway 10.0.1.18
DataPower Operator 1.6/1.7/1.8/1.9
1.6.13/1.9.1
2024/04/01 Security Bulletin: IBM DataPower Gateway is vulnerable to Denial of Service due to use of Node.js 7.5
IBM
10.5.4
DataPower
10.5.0.10
Gateway 10.0.1.18
2024/03/13 Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to denial of service CVE-2023-3635 7.5  
DataPower Operations Dashboard
1.0.20.1 

 
2024/03/13 Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-33202 7.5  
DataPower Operations Dashboard
1.0.20.1 
2024/03/13 Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-43642 7.5
DataPower Operations Dashboard
1.0.20.1  
2024/03/13 Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to execute arbitrary code on the system CVE-2023-46308 7.3
DataPower Operations Dashboard
1.0.20.1 
2024/03/11 Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-31419 6.5
DataPower Operations Dashboard
1.0.20.1 
2024/03/11 Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a machine-in-the-middle attack CVE-2023-48795 5.9
DataPower Operations Dashboard
1.0.20.1
2024/03/11 Security Bulletin: IBM Datapower Operations Dashboard could allow a local authenticated attacker to obtain sensitive information CVE-2023-0833 6.2
DataPower Operations Dashboard
1.0.20.1 
2024/02/14 Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to execute arbitrary code on the system [CVE-2023-46604] 9.4
DataPower Operations Dashboard
1.0.20.0
2024/02/12 Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service [CVE-2023-34462] 6.5
DataPower Operations Dashboard
1.0.20.0
2024/02/09 Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service caused by a bug in the parser [CVE-2023-5072] 7.5
DataPower Operations Dashboard
1.0.20.0
2024/02/07 Security Bulletin: IBM Datapower Operations Dashboard to a denial of service caused by an unsafe deserialization flaw 5.3
DataPower Operations Dashboard
1.0.20.0
2024/02/07 Security Bulletin: Datapower Operations Dashboard Multiple Vulnerabilities in Apache Tomcat 7.5
DataPower Operations Dashboard 1.0.20.0
2024/02/07 Security Bulletin: IBM DataPower Gateway vulnerable to unauthorized access in Redis 3.1
IBM
10.5.3
DataPower
10.5.0.8 
Gateway 10.0.1.17
2024/01/12 Security Bulletin: IBM DataPower Gateway vulnerable to directory traversal issue 6.5
IBM
10.5.3
DataPower
10.5.0.8 
Gateway 10.5.0.9

[{"Type":"MASTER","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"ARM Category":[{"code":"a8m50000000CdntAAC","label":"DataPower-\u003ESecurity (SE)"},{"code":"a8m50000000CdocAAC","label":"DataPower-\u003ESecurity (SE)-\u003EVulnerability"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
25 June 2024

UID

ibm17107750

Page Feedback