What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2022-31775.

What is the severity level of CVE-2022-31775?

The severity level of CVE-2022-31775 is critical, with a severity value of 9.1.

Which software versions are affected by CVE-2022-31775?

IBM DataPower Gateway versions 10.0.1.0 to 10.0.1.8, 10.0.2.0 to 10.0.4.0, 10.5.0.0, and 2018.4.1.0 to 2018.4.1.21 are affected by CVE-2022-31775.

What is the risk of CVE-2022-31775?

CVE-2022-31775 poses a risk of an XML External Entity (XXE) Injection attack, which could lead to the exposure of sensitive information or unauthorized access.

Is there a fix available for CVE-2022-31775?

Yes, IBM has provided fixes and mitigations for CVE-2022-31775. Please refer to the IBM support page for more information.

Vulnerability/
CVE-2022-31775

critical

9.1

CWE

611

29/7/2022

3/8/2024

CVE-2022-31775: XEE

First published: Fri Jul 29 2022(Updated: )

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228359.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM DataPower Gateway	>=10.0.1.0<10.0.1.8
IBM DataPower Gateway	>=10.0.2.0<10.5.0.1
IBM DataPower Gateway	>=2018.4.1.0<2018.4.1.21
IBM DataPower Gateway	=10.5.0.0
IBM DataPower Gateway V10CD	<=10.0.2.0 - 10.0.4.0
IBM DataPower Gateway 10.0.1	<=10.0.1.0 - 10.0.1.7
IBM DataPower Gateway 2018.4.1	<=2018.4.1.0 - 2018.4.1.20
IBM DataPower Gateway 10.5.0	<=10.5.0.0

Remedy

https://www.ibm.com/support/pages/node/6608608

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6608608

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-31775.
What is the severity level of CVE-2022-31775?
The severity level of CVE-2022-31775 is critical, with a severity value of 9.1.
Which software versions are affected by CVE-2022-31775?
IBM DataPower Gateway versions 10.0.1.0 to 10.0.1.8, 10.0.2.0 to 10.0.4.0, 10.5.0.0, and 2018.4.1.0 to 2018.4.1.21 are affected by CVE-2022-31775.
What is the risk of CVE-2022-31775?
CVE-2022-31775 poses a risk of an XML External Entity (XXE) Injection attack, which could lead to the exposure of sensitive information or unauthorized access.
Is there a fix available for CVE-2022-31775?
Yes, IBM has provided fixes and mitigations for CVE-2022-31775. Please refer to the IBM support page for more information.

collector/nvd-index
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/remedy
agent/severity
agent/weakness
agent/softwarecombine
agent/first-publish-date
agent/type
agent/description
agent/event
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm datapower gateway
version/ibm datapower gateway/10.0.1.0
version/ibm datapower gateway/10.0.2.0
version/ibm datapower gateway/2018.4.1.0
version/ibm datapower gateway/10.5.0.0
canonical/ibm datapower gateway v10cd
version/ibm datapower gateway v10cd/10.0.2.0 - 10.0.4.0
canonical/ibm datapower gateway 10.0.1
version/ibm datapower gateway 10.0.1/10.0.1.0 - 10.0.1.7
canonical/ibm datapower gateway 2018.4.1
version/ibm datapower gateway 2018.4.1/2018.4.1.0 - 2018.4.1.20
canonical/ibm datapower gateway 10.5.0
version/ibm datapower gateway 10.5.0/10.5.0.0