Vulnerability Details : CVE-2020-5008
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 stores sensitive information in GET request parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 193033.
Vulnerability category: Information leak
Products affected by CVE-2020-5008
- cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*
- IBM » Datapower GatewayVersions from including (>=) 2018.4.1.0 and up to, including, (<=) 2018.4.1.14cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-5008
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-5008
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
3.7
|
LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
2.2
|
1.4
|
IBM Corporation | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2020-5008
-
The product stores sensitive information without properly limiting read or write access by unauthorized actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-5008
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/193033
IBM DataPower Gateway information disclosure CVE-2020-5008 Vulnerability ReportVDB Entry;Vendor Advisory
-
https://www.ibm.com/support/pages/node/6459681
Security Bulletin: IBM DataPower Gateway GUI permits use of GETPatch;Vendor Advisory
Jump to