Skip to main content

Websphere Datapower Xc10 Appliance

9 CVEs product

Monthly

CVE-2014-3060 CRITICAL PATCH Act Now

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
10.0
EPSS
2.4%
CVE-2014-3059 CRITICAL PATCH Act Now

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
10.0
EPSS
2.4%
CVE-2013-5446 CRITICAL Act Now

The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Datapower Xc10 Appliance Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2013-5428 HIGH This Week

IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service IBM Websphere Datapower Xc10 Appliance Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2013-0499 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM XSS Websphere Datapower Xc10 Appliance Firmware Websphere Datapower Xc10 Appliance Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware +11
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0600 CRITICAL Act Now

Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM Websphere Datapower Xc10 Appliance Firmware Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
9.3
EPSS
0.2%
CVE-2012-5759 CRITICAL Act Now

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
9.0
EPSS
0.8%
CVE-2012-5758 HIGH This Week

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Authentication Bypass Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
7.8
EPSS
3.0%
CVE-2012-5756 MEDIUM This Month

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
4.3
EPSS
0.5%
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware +1
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware +1
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Datapower Xc10 Appliance +1
NVD
EPSS 1% CVSS 7.1
HIGH This Week

IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service IBM +2
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM XSS Websphere Datapower Xc10 Appliance Firmware +13
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM Websphere Datapower Xc10 Appliance Firmware +1
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Websphere Datapower Xc10 Appliance
NVD
EPSS 3% CVSS 7.8
HIGH This Week

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Authentication Bypass +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Websphere Datapower Xc10 Appliance
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy