CVE-2020-4992

Name of the Vulnerable Software and Affected Versions IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.16

Description The issue allows an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts due to cross-site request forgery.

Recommendations For versions 2018.4.1.0 through 2018.4.1.16, update to a version that is not affected by this issue to prevent cross-site request forgery attacks. As a temporary workaround, consider implementing additional security measures to prevent cross-site request forgery, such as validating user requests and ensuring that sensitive actions require explicit user confirmation.