Authentication Bypass in IBM WebSphere DataPower XC10 Appliances
CVE-2013-5428

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Datapower Xc10 Appliance; Websphere Datapower Xc10 Appliance Firmware
Vendor: CVE Published:; 22 October 2013

Summary

IBM WebSphere DataPower XC10 appliances with version 2.5.0 have a vulnerability that allows remote attackers to perform administrative actions without the need for authentication. This flaw can lead to unauthorized access and possible denial of service. Attackers can exploit this vulnerability through various unspecified vectors, posing significant risks to the integrity and availability of the systems.

References

http://www.ibm.com/support/docview.wss?uid=swg21653546

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/87560

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IC93164

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Oct 22, 2013
Vulnerability Reserved
Aug 22, 2013