Lucene search
IBMAC691DE3D2960AACD17B4C8EF93576841ECB0BF3F04BF13AC55011C8F1813D4FHistoryJun 08, 2021 - 9:47 p.m.
Security Bulletin: IBM DataPower Gateway vulnerable to an RCE attack (CVE-2020-5014)
2021-06-0821:47:38
www.ibm.com
20
ibm datapower gateway
remote code execution
cve-2020-5014
administrative privileges
server-side request forgery
EPSS
0
Percentile
5.1%
Summary
IBM has addressed the relevant CVE
Vulnerability Details
CVEID:CVE-2020-5014
**DESCRIPTION:**IBM DataPower Gateway could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193247 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM DataPower Gateway | 10.0.0.0-10.0.1.1 |
| IBM DataPower Gateway | 2018.4.1.0-2018.4.1.14 |
Remediation/Fixes
| Affected Product Version | Fixed in version | APAR |
|---|---|---|
| IBM DataPower Gateway | 10.0.1.2 | IT35327 |
IBM DataPower Gateway| 2018.4.1.15| IT35327
Workarounds and Mitigations
None
Related
cvelist
cvelist
CVE-2020-5014
2021-03-08 18:00:26
prion
prion
Server side request forgery (ssrf)
2021-03-08 18:15:00
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Ibm Datapower Gateway
2020-10-18 10:32:32
nvd
nvd
CVE-2020-5014
2021-03-08 18:15:13
cve
cve
CVE-2020-5014
2021-03-08 18:15:13