CVE-2015-7412

The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attack.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:datapower_gateway:*:*:*:*:*:*:*:*

Information

Published : 2015-11-08 14:59

Updated : 2015-11-09 12:25


NVD link : CVE-2015-7412

Mitre link : CVE-2015-7412


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

ibm

  • datapower_gateway