CVE-2020-4992: CSRF
First published: Thu Aug 12 2021(Updated: )
IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM DataPower Gateway | <=2018.4.1.0-2018.4.1.16 | |
| IBM DataPower Gateway | >=2018.4.1.0<=2018.4.1.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-4992?
CVE-2020-4992 is a vulnerability in IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 that allows an attacker to execute malicious actions through cross-site request forgery.
How does the vulnerability in IBM DataPower Gateway occur?
The vulnerability occurs due to a lack of proper validation of user input, allowing an attacker to execute unauthorized actions on a trusted website.
What is the severity of CVE-2020-4992?
CVE-2020-4992 has a severity rating of 6.5 (medium).
What is the CWE ID for CVE-2020-4992?
The CWE ID for CVE-2020-4992 is CWE-352.
How can I mitigate the vulnerability in IBM DataPower Gateway?
To mitigate the vulnerability, update IBM DataPower Gateway to a version beyond 2018.4.1.16.
- collector/ibm-support
- collector/nvd-index
- vendor/ibm
- canonical/ibm datapower gateway
- version/ibm datapower gateway/2018.4.1.0-2018.4.1.16
- version/ibm datapower gateway/2018.4.1.0
- version/ibm datapower gateway/2018.4.1.16