IBM DataPower Gateway Server-Side Request Forgery Vulnerability (CNVD-2022-56971)

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and optimizes access across channels using a dedicated gateway platform.IBM DataPower Gateway is vulnerable to a server-side request forgery vulnerability that stems from the product’s failure to properly validate user input, which could be exploited by an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.