Data Retention Vulnerability in IBM WebSphere DataPower XC10 Appliance
CVE-2015-1970

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Datapower Xc10 Appliance Firmware
Vendor: CVE Published:; 3 August 2015

Summary

The IBM WebSphere DataPower XC10 appliance versions 2.1 up to 2.1.0.3 and 2.5 up to 2.5.0.4 have a significant flaw in their data retention policy. This vulnerability allows physically proximate attackers to potentially recover sensitive information by removing SSD cards containing residual data and interfacing them with other systems. Such exposure underlines the importance of secure data deletion practices, particularly when hardware is decommissioned or transferred.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21962861

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IT09803

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Aug 3, 2015
Vulnerability Reserved
Feb 19, 2015