CVE-2020-4205: Improper Authentication in IBM DataPower Gateway

Severity: 6.3 MEDIUM (NVD)
EPSS: 0.1% (top 75.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 19
Latest update: May 24

Description

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions and continue to access the server even after authentication certificates have been revoked. IBM X-Force ID: 174961.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4

Affected Packages (2 packages)

NVD | ibm/datapower_gateway | 2018.4.1.0 | 2018.4.1.8
CVEListV5 | ibm/datapower_gateway | 2018.4.1.0, 2018.4.1.8 | +1

Vulnerability Details (2)

GHSA | GHSA-xcrr-2639-rr7x: IBM DataPower Gateway 2018 | 2022-05-24
CVEList | CVE-2020-4205: IBM DataPower Gateway 2018 | 2020-03-19