PT-2022-10801 · IBM · IBM DataPower Gateway

Marek Jílek · Published 2022-03-10 · Updated 2022-03-18 · CVE-2021-38910

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions
IBM DataPower Gateway versions 10.0.1 through 2018.4.1
IBM DataPower Gateway V10CD
Description
The issue is caused by improper validation of input. By sending a specially crafted JSON message, a remote attacker can alter the structure and fields of the message the gateway processes and thereby bypass security restrictions. The CVSS vector reflects the exposure: the flaw is reachable over the network, needs no privileges or user interaction, and its impact is a limited loss of integrity with no confidentiality or availability impact.
Recommendations
For IBM DataPower Gateway versions 10.0.1 through 2018.4.1 and for IBM DataPower Gateway V10CD, upgrade to a release that includes the fix for CVE-2021-38910 and properly validates JSON input. Until the upgrade is applied, reduce exposure: restrict which clients can reach the gateway's JSON-processing services (network access controls or authentication in front of them), and, where the deployment allows it, enforce a strict schema on inbound JSON so that messages with unexpected fields, duplicate keys or unexpected structure are rejected before they are processed.
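The following is an added illustration of the kind of check the recommendation above asks for; it is not IBM's code and says nothing about how DataPower itself parses JSON. It contrasts a lenient parse, in which Python's json module silently keeps the last of two duplicate keys, with a strict validator that rejects duplicate keys, unknown or missing fields, wrong types and excessive nesting. The message schema (account, amount, currency) and the sample messages are constructed for the example.

```python
import json
from typing import Any, Dict, List, Tuple

# Hypothetical allow-list schema for the example: field name -> expected type.
TRANSFER_SCHEMA: Dict[str, type] = {
    "account": str,
    "amount": int,
    "currency": str,
}
MAX_DEPTH = 4  # arbitrary limit for the example


class InvalidMessage(ValueError):
    """Raised when a JSON message fails strict validation."""


def _reject_duplicates(pairs: List[Tuple[str, Any]]) -> Dict[str, Any]:
    """object_pairs_hook for json.loads.

    Plain json.loads keeps the LAST value for a repeated key, so a lenient
    front end and a strict back end can disagree about which value 'wins'.
    Rejecting duplicates removes that ambiguity.
    """
    obj: Dict[str, Any] = {}
    for key, value in pairs:
        if key in obj:
            raise InvalidMessage(f"duplicate key: {key!r}")
        obj[key] = value
    return obj


def _depth(value: Any, level: int = 1) -> int:
    """Nesting depth of a parsed JSON value (scalars are depth 1)."""
    if isinstance(value, dict):
        return max([_depth(v, level + 1) for v in value.values()] + [level])
    if isinstance(value, list):
        return max([_depth(v, level + 1) for v in value] + [level])
    return level


def lenient_parse(raw: str) -> Dict[str, Any]:
    """Permissive parse: duplicates, unknown fields and any types are accepted."""
    return json.loads(raw)


def strict_parse(raw: str, schema: Dict[str, type] = TRANSFER_SCHEMA,
                 max_depth: int = MAX_DEPTH) -> Dict[str, Any]:
    """Parse and validate a message, or raise InvalidMessage."""
    try:
        msg = json.loads(raw, object_pairs_hook=_reject_duplicates)
    except json.JSONDecodeError as exc:
        raise InvalidMessage(f"malformed JSON: {exc.msg}") from exc
    if not isinstance(msg, dict):
        raise InvalidMessage("top-level value must be an object")
    if _depth(msg) > max_depth:
        raise InvalidMessage("nesting too deep")
    unknown = set(msg) - set(schema)
    if unknown:
        raise InvalidMessage(f"unexpected fields: {sorted(unknown)}")
    missing = set(schema) - set(msg)
    if missing:
        raise InvalidMessage(f"missing fields: {sorted(missing)}")
    for field, expected in schema.items():
        value = msg[field]
        # bool is a subclass of int in Python; reject it explicitly for int fields.
        if not isinstance(value, expected) or (expected is int and isinstance(value, bool)):
            raise InvalidMessage(f"field {field!r} must be {expected.__name__}")
    return msg


def check(raw: str) -> Tuple[bool, str]:
    """Convenience wrapper returning (accepted, reason)."""
    try:
        strict_parse(raw)
        return True, "ok"
    except InvalidMessage as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample: a second "amount" key smuggled after the expected fields.
    crafted = '{"account": "A-1", "amount": 10, "currency": "EUR", "amount": 9999}'
    print("lenient amount:", lenient_parse(crafted)["amount"])
    print("strict:", check(crafted))
    print("strict (clean):", check('{"account": "A-1", "amount": 10, "currency": "EUR"}'))
```

The point of the contrast is that the lenient parser does not fail on the crafted message; it quietly accepts a different field value than the one a human reader (or a second parser) would take, which is exactly how a malformed message "modifies structure and fields" without tripping any error. The strict path fails closed on every deviation from the expected shape.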

Related Identifiers

CVE-2021-38910

Affected Products

IBM DataPower Gateway