Medium Severity

Security Bulletin: Potential side-channel cryptographic vulnerabilities in IBM DataPower Gateway

Share this post:

IBM DataPower Gateway is potentially vulnerable to two side-channel attacks (CVE-2018-0495, CVE-2018-12404)

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM DataPower Gateway 2018.4.1.0-2018.4.1.8
IBM DataPower Gateway 7.6.0.0-7.6.0.17

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1167190

More stories

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)

Feb 14, 2020 7:00 pm EST | Medium Severity

OpenSSL vulnerabilities were discllossed by the OpenSSL Project in October and November of 2018. IBM Spectrum Protect Plus uses OpenSSL and has addressed the applicable CVEs. ...read more


Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server Liberty in IBM Cloud Private VM Quickstarter

Feb 14, 2020 7:00 pm EST | Medium Severity

There are multiple vulnerabiltities in WebSphere Application Server Liberty that is shipped with IBM WebSphere Application for IBM Cloud Private VM Quickstarter. There is an information disclosure and a bypass security vulnerability in WebSphere Application Server Liberty. There is a potential information disclosure vulnerability in IBM WebSphere Application Server. There is a clickjacking vulnerability in IBM WebSphere Application Server Liberty Admin Center. There are multiple vulnerabilities in the IBM SDK, Java Technology Edition that is shipped with IBM WebSphere Application Server. ...read more