CVE-2021-38910

Summary

IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824.

Affected Software

VendorProductVersion RangeStatus
IBMDataPower Gateway2018.4.1.0affected
IBMDataPower Gateway10.0.1.0affected
IBMDataPower Gateway10.0.2.0affected
IBMDataPower Gateway10.0.1.5affected
IBMDataPower Gateway10.0.3.0affected
IBMDataPower Gateway2108.4.1.18affected

Weaknesses

  • Bypass Security

ADP Enrichment

CVE Program Container

Additional References

References