Cross-Site Request Forgery Vulnerability in IBM DataPower Gateway
CVE-2022-31773

8.8HIGH

Key Information:

Vendor: IBM
Status: Datapower Gateway
Vendor: CVE Published:; 26 August 2022

Summary

IBM DataPower Gateway versions V10CD, 10.0.1, and 2018.4.1 are prone to a Cross-Site Request Forgery (CSRF) flaw that may allow attackers to execute unauthorized actions on behalf of trusted users. This exploit occurs when the application fails to adequately validate requests from authenticated users, leading to potential unauthorized changes and data manipulation. For more information and mitigation strategies, visit IBM Support or IBM X-Force Exchange.

Affected Version(s)

DataPower Gateway 2018.4.1.0

DataPower Gateway 10.0.1.0

DataPower Gateway 10.0.2.0

References

https://www.ibm.com/support/pages/node/6615307

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/228357

vdb-entryx_refsource_XF

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 26, 2022
Vulnerability Reserved
May 27, 2022