What is the vulnerability ID of this issue?

The vulnerability ID is CVE-2022-31774.

What is the severity of CVE-2022-31774?

The severity of CVE-2022-31774 is medium with a CVSS score of 5.4.

What is the impact of CVE-2022-31774?

CVE-2022-31774 allows users to embed arbitrary JavaScript code in the Web UI of IBM DataPower Gateway, potentially altering the intended functionality of the application.

Are there any available fixes or patches for CVE-2022-31774?

Please refer to the IBM Support page at https://www.ibm.com/support/pages/node/6608600 for information on available fixes or patches for CVE-2022-31774.

Vulnerability/
CVE-2022-31774

medium

5.4

CWE

14/7/2022

29/7/2022

3/8/2024

CVE-2022-31774: XSS

Q: Which versions of IBM DataPower Gateway are affected by CVE-2022-31774?

IBM DataPower Gateway versions 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 are affected.

First published: Thu Jul 14 2022(Updated: )

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM DataPower Gateway	>=10.0.1.0<=10.0.1.8
IBM DataPower Gateway	>=10.0.2.0<10.5.0.1
IBM DataPower Gateway	>=2018.4.1.0<=2018.4.1.21
IBM DataPower Gateway	=10.5.0.0
IBM DataPower Gateway V10.5.0	<=10.5.0.0
IBM DataPower Gateway V10CD	<=10.0.2.0 - 10.0.4.0
IBM DataPower Gateway 10.0.1	<=10.0.1.0 - 10.0.1.8
IBM DataPower Gateway 2018.4.1	<=2018.4.1.0 - 2018.4.1.21

Remedy

https://www.ibm.com/support/pages/node/6608600

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6608600

Frequently Asked Questions

What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2022-31774.
What is the severity of CVE-2022-31774?
The severity of CVE-2022-31774 is medium with a CVSS score of 5.4.
Which versions of IBM DataPower Gateway are affected by CVE-2022-31774?
IBM DataPower Gateway versions 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 are affected.
What is the impact of CVE-2022-31774?
CVE-2022-31774 allows users to embed arbitrary JavaScript code in the Web UI of IBM DataPower Gateway, potentially altering the intended functionality of the application.
Are there any available fixes or patches for CVE-2022-31774?
Please refer to the IBM Support page at https://www.ibm.com/support/pages/node/6608600 for information on available fixes or patches for CVE-2022-31774.

collector/nvd-index
agent/type
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/remedy
agent/severity
agent/weakness
agent/softwarecombine
agent/first-publish-date
agent/description
agent/event
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm datapower gateway
version/ibm datapower gateway/10.0.1.0
version/ibm datapower gateway/10.0.1.8
version/ibm datapower gateway/10.0.2.0
version/ibm datapower gateway/2018.4.1.0
version/ibm datapower gateway/2018.4.1.21
version/ibm datapower gateway/10.5.0.0
canonical/ibm datapower gateway v10.5.0
version/ibm datapower gateway v10.5.0/10.5.0.0
canonical/ibm datapower gateway v10cd
version/ibm datapower gateway v10cd/10.0.2.0 - 10.0.4.0
canonical/ibm datapower gateway 10.0.1
version/ibm datapower gateway 10.0.1/10.0.1.0 - 10.0.1.8
canonical/ibm datapower gateway 2018.4.1
version/ibm datapower gateway 2018.4.1/2018.4.1.0 - 2018.4.1.21