Description
IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357.
CVSS breakdown
CVSS 3.0
Confidentiality
High
Availability
High
Scope
Unchanged
User Interaction
Required
Integrity
High
Attack Complexity
Low
Privileges Required
None
Attack Vector
Network
RC
Changed
E
Unchanged
RL
O
Affected products
- ibm / DataPower Gateway2018.4.1.0 – 2018.4.1.0
- ibm / DataPower Gateway10.0.1.0 – 10.0.1.0
- ibm / DataPower Gateway10.0.2.0 – 10.0.2.0
- ibm / DataPower Gateway10.0.4.0 – 10.0.4.0
- ibm / DataPower Gateway2018.4.1.21 – 2018.4.1.21
- ibm / DataPower Gateway10.0.1.8 – 10.0.1.8