CVE-2014-6138
IBM WebSphere DataPower XC10 Appliance 2.1-2.5 - Authenticated Unauthorized Data Access
Title source: llmDescription
The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors.
References (3)
Core 3
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21691035
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/96852
Scores
EPSS
0.0112
EPSS Percentile
62.1%
Details
CWE
CWE-200
Status
published
Products (2)
ibm/websphere_datapower_xc10_appliance_firmware
2.1.0.0
ibm/websphere_datapower_xc10_appliance_firmware
2.5.0.0
Published
Dec 12, 2014
Tracked Since
Feb 18, 2026