PT-2021-6747 · Ibm · Ibm Datapower Gateway

Published

2021-03-07

Updated

2021-03-16

CVE-2020-5014

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM DataPower Gateway versions V10 through V2018

Description The issue is related to insufficient server-side request validation in IBM DataPower Gateway, which can be exploited to execute arbitrary code. A local attacker with administrative privileges may use a server-side request forgery attack to achieve this.

Recommendations For IBM DataPower Gateway versions V10 through V2018, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to administrative privileges to minimize the risk of exploitation.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

BDU:2022-02136

CVE-2020-5014

Affected Products

Ibm Datapower Gateway

PT-2021-6747 · Ibm · Ibm Datapower Gateway

CVE-2020-5014

Weakness Enumeration

Related Identifiers

Affected Products

References · 8