Data Retention Vulnerability in IBM WebSphere DataPower XC10 Appliance
CVE-2015-1970

Currently unrated

Key Information:

Vendor
IBM
CVE Published:
3 August 2015

Summary

The IBM WebSphere DataPower XC10 appliance versions 2.1 up to 2.1.0.3 and 2.5 up to 2.5.0.4 have a significant flaw in their data retention policy. This vulnerability allows physically proximate attackers to potentially recover sensitive information by removing SSD cards containing residual data and interfacing them with other systems. Such exposure underlines the importance of secure data deletion practices, particularly when hardware is decommissioned or transferred.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
