PT-2020-17918 · IBM · IBM DataPower Gateway

Published: 2020-03-19 · Updated: 2020-03-20 · CVE-2020-4205

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.8

Description: The issue allows an authenticated user to bypass security restrictions and continue accessing the server even after authentication certificates have been revoked.

Recommendations: For IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.8, update to a version that includes a fix for this issue to prevent authenticated users from bypassing security restrictions after certificate revocation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-4205

Affected Products

IBM DataPower Gateway