VYPR

Websphere Datapower Soa Appliance

by IBM

CVEs (5)

  • CVE-2018-1421HigApr 4, 2018
    risk 0.46cvss 7.1epss 0.01

    IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM…

  • CVE-2017-1591MedSep 28, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2014-0852Aug 16, 2014
    risk 0.00cvss epss 0.01

    IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of…

  • CVE-2013-0499May 28, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall,…

  • CVE-2010-1612Apr 29, 2010
    risk 0.00cvss epss 0.02

    The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of…