Ibm Websphere Datapower Xc10 Appliance Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Websphere Datapower Xc10 Appliance Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2014-3060 — CVSS 10.0 (critical): Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by…
CVE-2013-5403 — CVSS 10.0 (critical): Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.0 through 2.5.0.1 allows remote attackers to obtain…
CVE-2013-5446 — CVSS 10.0 (critical): The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified…
CVE-2014-3059 — CVSS 10.0 (critical): Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain…
CVE-2013-0600 — CVSS 9.3 (critical): Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass…
CVE-2013-5428 — CVSS 7.1 (high): IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers…
CVE-2015-1893 — CVSS 6.8 (medium): The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and…
CVE-2014-3058 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote…
CVE-2013-0499 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0…
CVE-2014-6138 — CVSS 4.0 (medium): The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access…
CVE-2014-6163 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated…
CVE-2016-2870 — CVSS 2.7 (low): Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of…
CVE-2014-6143 — CVSS 2.1 (low): The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response.
CVE-2015-1970 — CVSS 2.1 (low): The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow…