Question & Answer

Question

2019年に公開されたDataPower に関連する脆弱性情報はありますか?

Answer

2019年に公開された DataPower 関連の脆弱性情報は以下のとおりです。(2019/12/25更新)
修正が含まれるFix Pack/Firmwareの導入をお勧めいたします。

公開日

タイトル

CVSS

基本値

修正が含まれるfixレベル

2019/12/20

Security Bulletin: IBM DataPower Gateway enables default IPMI account

8.1

IBM	7.6.0.15	IT29004
DataPower Gateway	2018.4.1.6

2019/11/12

Security bulletin: Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM DataPower Gateway

5.3

IBM	7.6.0.17	I T30265
DataPower Gateway	2018.4.1.8

2019/11/08

Security bulletin: Security Bulletin: IBM DataPower Gateway is affected by Denial of Service vulnerabilities

7.5

IBM	7.6.0.17	I T30266
DataPower Gateway	2018.4.1.8

2019/11/08

Security bulletin: Security Bulletin: IBM DataPower Gateway is affected by Denial of Service vulnerabilities

7.5

IBM	7.6.0.17	I T30264
DataPower Gateway	2018.4.1.8

2019/11/08

Security bulletin: Security Bulletin: IBM DataPower Gateway is affected by a vulnerability in Kerberos (CVE-2017-11462)

7.5

IBM	7.6.0.17	IT30263
DataPower Gateway	2018.4.1.8

2019/08/13

Security Bulletin: IBM DataPower Gateway is affected by an injection vulnerability (CVE-2019-4294)

8.4

IBM	7.6.0.16	I T29703
DataPower	2018.4.1.7
Gateway

2019/05/08

Security Bulletin: IBM DataPower Gateway is affected by a message spoofing vulnerability (CVE-2019-6110)

3.1

IBM	7.5.2.20	IT28834
DataPower	7.6.0.14
Gateway	2018.4.1.5

2019/05/08

Security Bulletin: IBM DataPower Gateway is affected by a padding oracle vulnerability (CVE-2019-1559)

5.8

IBM	7.5.0.21	IT28828
DataPower	7.5.1.20
Gateway	7.5.2.20
	7.6.0.14
	2018.4.1.5

2019/05/07

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Datapower Gateway

9.8

IBM	7.5.0.21	IT28893
DataPower	7.5.1.20
Gateway	7.5.2.20
	7.6.0.14
	2018.4.1.5

2019/01/11

Security Bulletin: IBM DataPower Gateway is affected by a message injection vulnerability (CVE-2018-1666)

4.3

IBM	7.5.0.20	IT26947
DataPower	7.5.1.19
Gateway	7.5.2.19
	7.6.0.12
	2018.4.1.2

2019/01/11

Security Bulletin: IBM DataPower Gateway are affected by vulnerabilites in IMPI (CVE-2018-1668)

5.3

IBM	7.5.0.20	IT27698
DataPower	7.5.1.19
Gateway	7.5.2.19
	7.6.0.12
	2018.4.1.2

2019/01/11

Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL

3.7

IBM	7.5.0.20	IT27132
DataPower	7.5.1.19
Gateway	7.5.2.19
	7.6.0.12
	2018.4.1.2

2019/01/11

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM DataPower Gateway (CVE-2018-3180)

5.6

IBM	7.5.0.20	IT27132
DataPower	7.5.1.19
Gateway	7.5.2.19
	7.6.0.12
	2018.4.1.2

2019/01/11

Security Bulletin: IBM DataPower Gateway is affected by a vulnerability in Node.js (CVE-2018-12123)

6.1

IBM	7.5.0.20	IT27162
DataPower	7.5.1.19
Gateway	7.5.2.19
	7.6.0.12
	2018.4.1.2

Related Information

2019年に公開されたAPI Connect に関連する脆弱性情報

2020年に公開された DataPower に関する脆弱性情報

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"All versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Tips

2019年に公開された DataPower に関する脆弱性情報

Question & Answer

Question

Answer

Security Bulletin: IBM DataPower Gateway is affected by a message spoofing vulnerability (CVE-2019-6110)

Related Information

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?