CVE-2020-5008

IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033.

Published: Jun 7, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-5008
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-922

Affected Software
References

Software	From	Fixed in
ibm / datapower_gateway	2018.4.1.0	2018.4.1.14.x
ibm / datapower_gateway	10.0.0.0	10.0.1.0.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/193033
https://www.ibm.com/support/pages/node/6459681

Vulnerability Database

290,020

CVE-2020-5008