CVE-2014-6138

Published: Dec 12, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors.

Affected (2)

Products: Ibm: Websphere Datapower Xc10 Appliance Firmware

Ibm

1 product

Websphere Datapower Xc10 Appliance Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Datapower Xc10 Appliance Firmware	Version 2.1.0.0
Ibm Websphere Datapower Xc10 Appliance Firmware	Version 2.5.0.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21691035

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/96852

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21691035

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/96852

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.