Description
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033.
Related CPE's
a
ibm
datapower_gateway
2
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/193033
VDB EntryVendor Advisory
https://www.ibm.com/support/pages/node/6459681
PatchVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-06-07T14:15:07.717
4 years agoLast modified
2021-06-10T18:03:10.970
4 years ago