CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Percentile: 29.5%

IBM DataPower Gateway is vulnerable to a cross-site request forgery attack against the Web UI. IBM has addressed the vulnerability.
CVEID: CVE-2022-31773
**DESCRIPTION:** IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228357 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Product(s) | Version(s) |
---|---|
IBM DataPower Gateway V10CD | V10.0.2.0 - 10.0.4.0 |
IBM DataPower Gateway 10.0.1 | 10.0.1.0 - 10.0.1.9 |
IBM DataPower Gateway 2018.4.1 | 2018.4.1.0 - 2018.4.1.22 |

Affected Product | Fixed in version | Fix link |
---|---|---|
IBM DataPower Gateway V10CD | 10.0.4.0sr2 | IT42300 |
IBM DataPower Gateway 10.0.1 | 10.0.1.10 | IT42300 |
IBM DataPower Gateway 2018.4.1 | 2018.4.1.23 | IT42300 |

The fix is also available in version 10.5.0; customers using earlier releases may upgrade free of charge to 10.5.0.

Customers should ensure that management interfaces are accessible only via internal networks. Administrators should not click on links from untrusted sources, and should log out when not actually performing administrative tasks.

Vendor | Product | Version | CPE |
---|---|---|---|
ibm | datapower_gateway | 2018.4.1 | cpe:2.3:a:ibm:datapower_gateway:2018.4.1:*:*:*:*:*:*:* |
ibm | datapower_gateway | 10.0.1 | cpe:2.3:a:ibm:datapower_gateway:10.0.1:*:*:*:*:*:*:* |
ibm | datapower_gateway | 10 | cpe:2.3:a:ibm:datapower_gateway:10:*:*:*:*:*:*:* |