Vulnerability: vulnerabilities in IBM WebSphere DataPower XC10
Number of vulnerabilities: 2
CVE ID: CVE-2012-5756
Vector of operation: LAN
Impact: Denial of service
Affected Products: IBM WebSphere DataPower XC10 2.x
Affected versions: WebSphere DataPower XC10 184.108.40.206 – 220.127.116.11, WebSphere DataPower XC10 18.104.22.168 – 22.214.171.124
Which can be exploited by malicious people to carry out DoS-attack.
1. The vulnerability is due to the fact that a certain functional control interface available without pre-authentication. A remote user can disable certain features.
2. The vulnerability is due to the fact that certain administrative operations are not properly restricted to administrative roles. This can be
Note: The manufacturer also said gaps associated with the public key of the connection used to transfer data between servers.
Manufacturer URL: http://ibm.com
Solution: To resolve the vulnerability patch from the manufacturer.