CVE-2020-5008

Name of the Vulnerable Software and Affected Versions IBM DataPower Gateway versions 10.0.0.0 through 10.0.1.0 IBM DataPower Gateway versions 2018.4.1.0 through 2018.4.1.14

Description The issue is related to the storage of sensitive information in GET request parameters, which may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, or browser history.

Recommendations For versions 10.0.0.0 through 10.0.1.0, update to a version that does not store sensitive information in GET request parameters. For versions 2018.4.1.0 through 2018.4.1.14, update to a version that does not store sensitive information in GET request parameters. As a temporary workaround, consider restricting access to server logs and referrer headers to minimize the risk of exploitation.