CVE-2022-31776

CWE-918Server-Side Request Forgery (SSRF)3 documents3 sources
Severity
8.8HIGH
EPSS
0.1%
top 66.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Datapower Gateway
Timeline
PublishedAug 1
Latest updateAug 2

Description

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDibm/datapower_gateway10.0.2.010.5.0.1+3
CVEListV5ibm/datapower_gateway7 versions+6

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-wc5h-762j-w3cx: IBM DataPower Gateway 102022-08-02
CVEList
CVE-2022-31776: IBM DataPower Gateway 102022-07-31
CVE-2022-31776 (HIGH CVSS 8.8) | IBM DataPower Gateway 10.0.2.0 thro | cvebase.io