Multiple vulnerabilities in IBM WebSphere DataPower XC10

Posted: December 28, 2012 in Vulnerabilities
Tags: , , ,

IBM logoVulnerability: vulnerabilities in IBM WebSphere DataPower XC10

Danger: Low
Patch: Yes
Number of vulnerabilities: 2

CVE ID: CVE-2012-5756
CVE-2012-5758
CVE-2012-5759
Vector of operation: LAN
Impact: Denial of service
Security Bypass

Affected Products: IBM WebSphere DataPower XC10 2.x

Affected versions: WebSphere DataPower XC10 2.0.0.0 – 2.0.0.3, WebSphere DataPower XC10 2.1.0.0 – 2.1.0.2

Description:

Which can be exploited by malicious people to carry out DoS-attack.

1. The vulnerability is due to the fact that a certain functional control interface available without pre-authentication. A remote user can disable certain features.

2. The vulnerability is due to the fact that certain administrative operations are not properly restricted to administrative roles. This can be
Note: The manufacturer also said gaps associated with the public key of the connection used to transfer data between servers.

Manufacturer URL: http://ibm.com

Solution: To resolve the vulnerability patch from the manufacturer.

links:

http://www.ibm.com/support/docview.wss

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s