Information disclosure in Ibm Datapower_gateway

CVE-2015-7412

The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote att…

Vulnerability class: Information Disclosure

EPSS: 0.002 (43.8th percentile) — read the EPSS interpretation.

Affected products

Ibm Datapower_gateway
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
IT10701 (vendor-advisory, x_refsource_AIXAPAR, Vendor Advisory)