Improper Input Validation in IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 Allows Remote Security Bypass

Improper Input Validation in IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 Allows Remote Security Bypass

CVE-2021-38910 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824.

Learn more about our Web Application Penetration Testing UK.