Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:datapower_gateway:7.7.1.3::~~continuous_delivery~~~
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-4294 |
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. Published: August 20, 2019; 3:15:11 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-1663 |
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 144889. Published: December 07, 2018; 11:29:00 AM -0500 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |