CVE-2020-4994
First published: Tue May 10 2022(Updated: )
IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests. IBM X-Force ID: 192906.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM DataPower Gateway | >=10.0.1.0<=10.0.1.4 | |
| IBM DataPower Gateway | >=2018.4.1.0<=2018.4.1.17 | |
| IBM DataPower Gateway 10.0.1 | <=10.0.1.0-10.0.1.4 | |
| IBM DataPower Gateway | <=2018.4.1.0-2018.4.1.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-4994?
CVE-2020-4994 is a vulnerability in IBM DataPower Gateway that could allow a remote user to cause a temporary denial of service by sending invalid HTTP requests.
What is the severity level of CVE-2020-4994?
The severity of CVE-2020-4994 is high with a CVSS score of 7.5.
Which versions of IBM DataPower Gateway are affected by CVE-2020-4994?
IBM DataPower Gateway versions 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 are affected by CVE-2020-4994.
How can a remote user exploit CVE-2020-4994?
A remote user can exploit CVE-2020-4994 by sending invalid HTTP requests.
Is there a fix available for CVE-2020-4994?
Yes, IBM has provided a fix for CVE-2020-4994. Please refer to the IBM support page for more information.
- collector/nvd-index
- collector/ibm-support
- vendor/ibm
- canonical/ibm datapower gateway
- version/ibm datapower gateway/10.0.1.0
- version/ibm datapower gateway/10.0.1.4
- version/ibm datapower gateway/2018.4.1.0
- version/ibm datapower gateway/2018.4.1.17
- canonical/ibm datapower gateway 10.0.1
- version/ibm datapower gateway 10.0.1/10.0.1.0-10.0.1.4
- version/ibm datapower gateway/2018.4.1.0-2018.4.1.17