Critical Severity

Security Bulletin: IBM DataPower Gateway affected by prototype pollution in DOJO (CVE-2021-23450)

Share this post:

DOJO is used mostly in the deprecated BluePrint GUI, but is also used in a small number of places in the standard Web UI. The vulnerable function is not used, but IBM has addressed the CVE.

CVE(s): CVE-2021-23450

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM DataPower Gateway V10CD 10.0.2.0-10.0.4.0
IBM DataPower Gateway 10.0.1 10.0.1.0-10.0.1.6
IBM DataPower Gateway 2018.4.1 2018.4.1.0-2018.4.1.19

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6592225
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216463

More stories

Security Bulletin: IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]

September 30, 2022 | Critical Severity

IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]. To be vulnerable a product must meet all of the following criterias: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Cloud connector service if enabled will use only the spring, as in a client to make only the REST calls with IBM Cloud Mangement Console. The fix includes Spring 5.3.18. IBM Case Manager doesn't meet all of the criterias and, therefore, is not vulnerable. ...read more


Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

September 23, 2022 | Critical Severity

There are multiple vulnerabilities in Curl that affect PowerSC. ...read more


Security Bulletin: A security vulnerability has been identified in Postgresql shipped with IBM Tivoli Netcool Impact (CVE-2022-26520, CVE-2022-21724, 220313)

September 21, 2022 | Critical Severity

Postgresql is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Postgresql has been published in a security bulletin. ...read more