CVE-2012-5758

IBM Websphere Datapower Xc10 Appliance - Authentication Bypass

Title source: rule

Description

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 does not require authentication for an unspecified interface, which allows remote attackers to cause a denial of service (process exit) via unknown vectors.

References (7)

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1IC86908

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21615783

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg24033740

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/80063

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/56617

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027798

[Third Party Advisory] http://secunia.com/advisories/51319

Scores

EPSS 0.0304

EPSS Percentile 86.5%

Classification

CWE

CWE-287

Status draft

Affected Products (7)

ibm/websphere_datapower_xc10_appliance

ibm/websphere_datapower_xc10_appliance

ibm/websphere_datapower_xc10_appliance

ibm/websphere_datapower_xc10_appliance

ibm/websphere_datapower_xc10_appliance

ibm/websphere_datapower_xc10_appliance

ibm/websphere_datapower_xc10_appliance

Timeline

Published Nov 23, 2012

Tracked Since Feb 18, 2026