Home/Product/ibm datapower gateway
Product

ibm datapower gateway

40 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-36375
>= 10.5.0.0 and < 10.5.0.21
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPow
6.5MEDIUM
 CVE-2025-36373
>= 10.5.0.0 and < 10.5.0.21
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPow
4.1MEDIUM
 CVE-2022-40228
>= 10.0.1.0 and <= 10.0.1.9
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 1
3.7LOW
 CVE-2022-31773
>= 10.0.1.0 and < 10.5.0
IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to exe
8.8HIGH
 CVE-2022-32750
>= 10.0.1.0 and <= 10.0.1.8
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulner
5.4MEDIUM
 CVE-2022-31776
>= 10.0.1.0 and <= 10.0.1.8
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulner
8.8HIGH
 CVE-2022-31775
>= 10.0.1.0 and < 10.0.1.8
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulner
9.1CRITICAL
 CVE-2022-31774
>= 10.0.1.0 and <= 10.0.1.8
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulner
5.4MEDIUM
 CVE-2022-22326
>= 10.0.1.0 and < 10.0.1.6
IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unautho
3.3LOW
 CVE-2021-38944
>= 10.0.1.0 and <= 10.0.1.5
IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTT
6.1MEDIUM
 CVE-2021-38872
>= 10.0.1.0 and <= 10.0.1.4
IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user
7.5HIGH
 CVE-2020-4994
>= 10.0.1.0 and <= 10.0.1.4
IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary
7.5HIGH
 CVE-2021-38910
>= 10.0.1.0 and <= 10.0.1.5
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the imp
5.3MEDIUM
 CVE-2020-4992
>= 2018.4.1.0 and <= 2018.4.1.16
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to
6.5MEDIUM
 CVE-2020-5008
>= 10.0.0.0 and <= 10.0.1.0
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request par
5.3MEDIUM
 CVE-2020-4831
>= 10.0.0.0 and <= 10.0.1.0
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to
7.5HIGH
 CVE-2020-5014
>= 10.0.0.0 and <= 10.0.1.1
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the s
6.7MEDIUM
 CVE-2020-4528
>= 2018.4.1.0 and <= 2018.4.1.12
IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special condi
5.5MEDIUM
 CVE-2020-4581
>= 2018.4.1.0 and <= 2018.4.1.12
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunk
7.5HIGH
 CVE-2020-4580
>= 2018.4.1.0 and <= 2018.4.1.12
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a speci
7.5HIGH
 CVE-2020-4579
>= 2018.4.1.0 and <= 2018.4.1.12
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a speci
7.5HIGH
 CVE-2020-4205
>= 2018.4.1.0 and <= 2018.4.1.8
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continu
6.3MEDIUM
 CVE-2020-4203
>= 2018.4.1.0 and <= 2018.4.1.8
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user d
4.9MEDIUM
 CVE-2019-4621
>= 7.6.0.0 and <= 7.6.0.14
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabl
9.8CRITICAL
 CVE-2019-4294
>= 7.6.0.0 and <= 7.6.0.15
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0
7.8HIGH
 CVE-2018-1666
>= 7.5.0.0 and <= 7.5.0.19
IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.
4.3MEDIUM
 CVE-2018-1668
>= 7.5.0.0 and <= 7.5.0.19
IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 a
5.3MEDIUM
 CVE-2018-1677
>= 7.1.0.0 and <= 7.1.0.22
IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, cause
5.1MEDIUM
 CVE-2018-1661
>= 7.5.0.0 and <= 7.5.0.17
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to exe
6.5MEDIUM
 CVE-2018-1667
>= 7.5.0.0 and <= 7.5.0.18
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and
5.4MEDIUM
 CVE-2018-1665
>= 7.5.0.0 and <= 7.5.0.18
IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2.17, 7.5.1.0 through 7.5.1.17, 7.5.0.0 through 7.5.0.18, and
5.9MEDIUM
 CVE-2018-1652
>= 7.1.0.0 and <= 7.1.0.19
IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2
6.2MEDIUM
 CVE-2018-1663
>= 7.5.0.0 and <= 7.5.0.17
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by
5.9MEDIUM
 CVE-2018-1669
>= 7.1.0.0 and <= 7.1.0.23
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.
7.1HIGH
 CVE-2018-1664
>= 7.1.0.0 and <= 7.1.0.23
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.
6.2MEDIUM
 CVE-2018-1421
>= 7.1.0.0 and <= 7.1.0.21
IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) att
7.1HIGH
 CVE-2017-1773
>= 7.1.0.0 and <= 7.1.0.20
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to
4.0MEDIUM
 CVE-2017-1591
all versions
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to emb
6.1MEDIUM
 CVE-2015-7427
<= 6.0.0.16
IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7
 CVE-2015-7412
<= 7.2.0.0
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin