Data Retention Vulnerability in IBM WebSphere DataPower XC10 Appliance
CVE-2015-1970
Currently unrated
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 3 August 2015
Summary
The IBM WebSphere DataPower XC10 appliance versions 2.1 up to 2.1.0.3 and 2.5 up to 2.5.0.4 have a significant flaw in their data retention policy. This vulnerability allows physically proximate attackers to potentially recover sensitive information by removing SSD cards containing residual data and interfacing them with other systems. Such exposure underlines the importance of secure data deletion practices, particularly when hardware is decommissioned or transferred.
References
Timeline
Vulnerability published
Vulnerability Reserved