CVE-2020-4992

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 71.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Datapower Gateway

Timeline

PublishedAug 17

Latest updateMay 24

Description

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/datapower_gateway2018.4.1.0 — 2018.4.1.16

▶CVEListV5ibm/datapower_gateway2018.4.1.0, 2018.4.1.16+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-26m2-3jc9-5rqh: IBM DataPower Gateway 2018↗2022-05-24

▶

CVEList

CVE-2020-4992: IBM DataPower Gateway 2018↗2021-08-17

▶