Skip to main content

Websphere Datapower Xc10 Appliance Firmware

14 CVEs product

Monthly

CVE-2016-2870 LOW Monitor

Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Buffer Overflow Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 3.0
2.7
EPSS
0.4%
CVE-2015-1970 LOW PATCH Monitor

The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1893 MEDIUM PATCH This Month

The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM Privilege Escalation Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2014-6138 MEDIUM This Month

The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-6163 LOW Monitor

Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6143 LOW Monitor

The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3058 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
6.0
EPSS
0.1%
CVE-2014-3060 CRITICAL PATCH Act Now

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
10.0
EPSS
2.4%
CVE-2014-3059 CRITICAL PATCH Act Now

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
10.0
EPSS
2.4%
CVE-2013-5446 CRITICAL Act Now

The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Datapower Xc10 Appliance Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2013-5428 HIGH This Week

IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service IBM Websphere Datapower Xc10 Appliance Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2013-5403 CRITICAL Act Now

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
10.0
EPSS
1.9%
CVE-2013-0499 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM XSS Websphere Datapower Xc10 Appliance Firmware Websphere Datapower Xc10 Appliance Websphere Datapower Service Gateway Xg45 Virtual Edition Firmware +11
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0600 CRITICAL Act Now

Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM Websphere Datapower Xc10 Appliance Firmware Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
9.3
EPSS
0.2%
EPSS 0% CVSS 2.7
LOW Monitor

Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Buffer Overflow +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM Privilege Escalation Websphere Datapower Xc10 Appliance Firmware
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Datapower Xc10 Appliance Firmware
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF +1
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware +1
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Datapower Xc10 Appliance Firmware +1
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Datapower Xc10 Appliance +1
NVD
EPSS 1% CVSS 7.1
HIGH This Week

IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service IBM +2
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain administrative access via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Datapower Xc10 Appliance Firmware
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

IBM XSS Websphere Datapower Xc10 Appliance Firmware +13
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM Websphere Datapower Xc10 Appliance Firmware +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy