CVE-2020-4205
First published: Tue Mar 17 2020(Updated: )
IBM DataPower Gateway could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revolked.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM DataPower Gateway | <=2018.4.1.0-2018.4.1.8 | |
| IBM DataPower Gateway | >=2018.4.1.0<=2018.4.1.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-4205?
CVE-2020-4205 is a vulnerability in IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 that allows an authenticated user to bypass security restrictions and continue accessing the server even after authentication certificates have been revoked.
What is the severity of CVE-2020-4205?
The severity of CVE-2020-4205 is medium, with a severity value of 6.3.
How does CVE-2020-4205 affect IBM DataPower Gateway?
CVE-2020-4205 affects IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8, allowing an authenticated user to bypass security restrictions.
How can I fix CVE-2020-4205?
To fix CVE-2020-4205, upgrade IBM DataPower Gateway to a version outside the vulnerable range (2018.4.1.0-2018.4.1.8).
Where can I find more information about CVE-2020-4205?
You can find more information about CVE-2020-4205 at the IBM X-Force ID (174961) and the IBM support page.
- collector/ibm-support
- collector/nvd-index
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/ibm
- canonical/ibm datapower gateway
- version/ibm datapower gateway/2018.4.1.0-2018.4.1.8
- version/ibm datapower gateway/2018.4.1.0
- version/ibm datapower gateway/2018.4.1.8