CVE-2021-38872

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 36.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Datapower Gateway

Timeline

PublishedMay 17

Latest updateMay 18

Description

IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/datapower_gateway10.0.1.0 — 10.0.1.4+3

▶CVEListV5ibm/datapower_gateway6 versions+5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-vcpq-5cpm-3vf2: IBM DataPower Gateway 10↗2022-05-18

▶

CVEList

CVE-2021-38872: IBM DataPower Gateway 10↗2022-05-17

▶