{"containers": {"cna": {"affected": [{"product": "DataPower Gateway", "vendor": "IBM", "versions": [{"status": "affected", "version": "2018.4.1.0"}, {"status": "affected", "version": "10.0.1.0"}, {"status": "affected", "version": "10.0.2.0"}, {"status": "affected", "version": "10.0.1.5"}, {"status": "affected", "version": "10.0.3.0"}, {"status": "affected", "version": "2108.4.1.18"}]}], "datePublic": "2022-03-09T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.2, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/AC:H/I:L/A:N/PR:N/AV:N/C:N/S:U/RL:O/E:U/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Bypass Security", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-10T19:50:21.000Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6562347"}, {"name": "ibm-datapower-cve202138910-sec-bypass (209824)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209824"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-03-09T00:00:00", "ID": "CVE-2021-38910", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DataPower Gateway", "version": {"version_data": [{"version_value": "2018.4.1.0"}, {"version_value": "10.0.1.0"}, {"version_value": "10.0.2.0"}, {"version_value": "10.0.1.5"}, {"version_value": "10.0.3.0"}, {"version_value": "2108.4.1.18"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "H", "AV": "N", "C": "N", "I": "L", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Bypass Security"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6562347", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6562347 (DataPower Gateway)", "url": "https://www.ibm.com/support/pages/node/6562347"}, {"name": "ibm-datapower-cve202138910-sec-bypass (209824)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209824"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:51:20.664Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6562347"}, {"name": "ibm-datapower-cve202138910-sec-bypass (209824)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209824"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38910", "datePublished": "2022-03-10T19:50:22.002Z", "dateReserved": "2021-08-16T00:00:00.000Z", "dateUpdated": "2024-09-16T19:31:42.892Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C242C00-2B08-4D30-8353-BC6EFF4C08BC", "versionEndIncluding": "10.0.1.5", "versionStartIncluding": "10.0.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "99FA702F-1D35-4553-BBE3-A94BE958641F", "versionEndIncluding": "2018.4.1.18", "versionStartIncluding": "2018.4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:10.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "12B6C926-133E-42AF-8FB9-4B23C3EBAF27", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:datapower_gateway:10.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B44C41B-CBDA-4000-9602-07D279BDEB03", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824."}, {"lang": "es", "value": "IBM DataPower Gateway versiones V10CD, 10.0.1 y 2108.4.1, podr\u00eda permitir a un atacante remoto omitir las restricciones de seguridad, causado por una comprobaci\u00f3n incorrecta de la entrada. Al enviar un mensaje JSON especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para modificar la estructura y los campos. IBM X-Force ID: 209824"}], "id": "CVE-2021-38910", "lastModified": "2024-11-21T06:18:11.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-10T20:15:08.200", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209824"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6562347"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209824"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6562347"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}