Описание
The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.0082
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors.
EPSS
Процентиль: 74%
0.0082
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-264