IBM DataPower Gateway Multiple Vulnerabilities Allow DoS and Data Manipulation

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 30th, 2026
Detected March 31st, 2026

Summary

CERT-Bund issued security advisory WID-SEC-2026-0924 disclosing multiple vulnerabilities in IBM DataPower Gateway with CVSS Base Score 6.5 (medium) and CVSS Temporal Score 5.7 (medium). Affected versions include DataPower Gateway prior to 11.0.0.0, 10.6.0.9, 10.6.6.0, and 10.5.0.21. Remote attackers can exploit these flaws to conduct denial of service attacks and manipulate data. Mitigation measures are available.

What changed

CERT-Bund identified multiple security vulnerabilities in IBM DataPower Gateway, a software solution used for enterprise security and integration requirements. The vulnerabilities affect versions prior to 11.0.0.0, 10.6.0.9, 10.6.6.0, and 10.5.0.21 running on Linux and UNIX operating systems. A remote attacker can exploit these flaws to conduct denial of service attacks and manipulate data. The CVSS Base Score is 6.5 (medium) and Temporal Score is 5.7 (medium).

Organizations using IBM DataPower Gateway should immediately identify whether they are running affected versions on their Linux or UNIX systems. If affected versions are in use, administrators should apply available patches to update to a secure version. Since mitigation measures are noted as available, organizations should review vendor recommendations and implement appropriate security controls to reduce exposure to remote attacks.

What to do next

  1. Identify whether your organization uses IBM DataPower Gateway on Linux or UNIX systems
  2. Check installed version against affected versions: < 11.0.0.0, < 10.6.0.9, < 10.6.6.0, < 10.5.0.21
  3. Apply available patches to update to a secure version and implement recommended mitigation measures
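For step 2, a version check as an added example (not code from CERT-Bund or IBM). It assumes each "<X" entry bounds only its own release stream, because treating the four values as one global threshold would flag a patched 10.6.0.9 as affected; the stream mapping, the fallback rule and all names are assumptions of this example.

```python
from typing import NamedTuple, Optional

# Fixed releases from the advisory's product list, keyed by the first three
# version components. ASSUMPTION: each "<X" entry bounds only its own stream.
FIXED_BY_STREAM = {
    (10, 5, 0): (10, 5, 0, 21),
    (10, 6, 0): (10, 6, 0, 9),
    (10, 6, 6): (10, 6, 6, 0),
    (11, 0, 0): (11, 0, 0, 0),
}
# ASSUMPTION: a version in no listed stream is compared with 10.6.6.0.
FALLBACK_FIXED = (10, 6, 6, 0)


class Assessment(NamedTuple):
    affected: bool
    fixed_in: Optional[str]  # listed fixed release to move to, if affected


def parse_version(text: str) -> tuple:
    """Parse a four-part dotted version; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected a version like 10.6.0.5, got {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> Assessment:
    """Compare a version with the fixed release of its own stream."""
    v = parse_version(version)
    fixed = FIXED_BY_STREAM.get(v[:3], FALLBACK_FIXED)
    if v < fixed:
        return Assessment(True, ".".join(map(str, fixed)))
    return Assessment(False, None)


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    inventory = {"gw-a": "10.5.0.20", "gw-b": "10.6.0.9", "gw-c": "10.6.3.0"}
    for host, ver in inventory.items():
        print(host, ver, assess(ver))
```

Confirm the stream-to-fix mapping against the vendor bulletin before relying on the result for a release that is not in the advisory's list.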

Source document (simplified)

[WID-SEC-2026-0924] IBM DataPower Gateway: Multiple Vulnerabilities

  • CVSS Base Score: 6.5 (medium)
  • CVSS Temporal Score: 5.7 (medium)
  • Remote attack: yes
  • Date: 30.03.2026
  • Last updated: 31.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • UNIX

Product description

DataPower Gateway is software that supports organizations in meeting their security and integration requirements.

Products

30.03.2026

  • IBM DataPower Gateway <11.0.0.0
  • IBM DataPower Gateway <10.6.0.9
  • IBM DataPower Gateway <10.6.6.0
  • IBM DataPower Gateway <10.5.0.21

Attack

An attacker can exploit multiple vulnerabilities in IBM DataPower Gateway to carry out a denial-of-service attack and to manipulate data.

Analysis generated by AI. Source diff and links are from the original.

Classification

  • Agency: CERT-Bund
  • Published: March 30th, 2026
  • Instrument: Notice
  • Legal weight: Non-binding
  • Stage: Final
  • Change scope: Minor
  • Document ID: WID-SEC-2026-0924

Who this affects

  • Applies to: Government agencies, Technology companies
  • Industry sector: 5112 Software & Technology
  • Activity scope: Vulnerability Management, Cybersecurity
  • Threshold: IBM DataPower Gateway < 11.0.0.0, < 10.6.0.9, < 10.6.6.0, < 10.5.0.21 on Linux or UNIX
  • Geographic scope: Germany (DE)

Taxonomy

  • Primary area: Cybersecurity
  • Operational domain: IT Security
  • Compliance frameworks: NIST CSF
  • Topics: Data Privacy, Network Security