Unauthorized Access Vulnerability in IBM Datapower Gateway
CVE-2022-22326

4MEDIUM

Key Information:

Vendor

IBM
Status
Datapower Gateway
Vendor
CVE Published:
29 July 2022

What is CVE-2022-22326?

The vulnerability in IBM Datapower Gateway allows attackers to potentially view restricted logs and files due to insufficient authorization checks. This weakness affects various versions of the product, potentially exposing sensitive information if exploited. Proper authorization mechanisms should be implemented to mitigate the risk associated with this vulnerability.

Affected Version(s)

DataPower Gateway 2018.4.1.0

DataPower Gateway 10.0.1.0

DataPower Gateway 10.0.2.0

References

https://www.ibm.com/support/pages/node/6560048
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6608598
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/218856
vdb-entryx_refsource_XF

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.