CVE-2020-4203Sensitive Information Exposure in IBM Datapower Gateway

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.3%
top 49.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Datapower Gateway
Timeline
PublishedMar 19
Latest updateMay 24

Description

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDibm/datapower_gateway2018.4.1.02018.4.1.8
CVEListV5ibm/datapower_gateway2018.4.1.0, 2018.4.1.8+1

🔴Vulnerability Details

2
GHSA
GHSA-5hw4-855x-57vm: IBM DataPower Gateway 20182022-05-24
CVEList
CVE-2020-4203: IBM DataPower Gateway 20182020-03-19
CVE-2020-4203 — Sensitive Information Exposure in IBM | cvebase