Description
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.
Exploits (1)
nomisec
WORKING POC
2 stars
by copethomas · poc
https://github.com/copethomas/datapower-redis-rce-exploit
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6426789
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/193247
Scores
CVSS v3
6.7
EPSS
0.0068
EPSS Percentile
71.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-918
Status
published
Products (1)
ibm/datapower_gateway
10.0.0.0 - 10.0.1.1
Published
Mar 08, 2021
Tracked Since
Feb 18, 2026