CVE-2020-5008

Summary

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033.

Affected Software

VendorProductVersion RangeStatus
IBMDataPower Gateway2018.4.1.0affected
IBMDataPower Gateway10.0.0.0affected
IBMDataPower Gateway10.0.1.0affected
IBMDataPower Gateway2018.4.1.14affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References