IBM DataPower Gateway Sensitive Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in the following IBM DataPower Gateway versions: 10.6CD (10.6.1.0 through 10.6.5.0), 10.5.0 (10.5.0.0 through 10.5.0.20), and 10.6.0 (10.6.0.0 through 10.6.0.8). It could allow an administrative user to access sensitive system information from other domains, access that should have been restricted.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive system information from other domains, potentially allowing administrative users to see services they should not have access to.

Remediation

Users can upgrade to IBM DataPower Gateway 10.6.6.0, 10.5.0.21, or 10.6.0.9, depending on their current version. Instructions for downloading these updates are available in the IBM DataPower Gateway release notes.
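
An added example (not IBM's code and not part of the original advisory): a Python check that compares firmware levels from an inventory against the affected ranges above and returns the fixed level for each stream. The gateway names and the inventory are constructed, and it assumes levels are recorded as plain four-part strings such as 10.6.0.8.

```python
import re

# Affected ranges and fixed levels as stated in the advisory above.
# Tuple layout: (stream, first affected, last affected, fixed level).
AFFECTED = [
    ("10.5.0", (10, 5, 0, 0), (10, 5, 0, 20), "10.5.0.21"),
    ("10.6.0", (10, 6, 0, 0), (10, 6, 0, 8), "10.6.0.9"),
    ("10.6CD", (10, 6, 1, 0), (10, 6, 5, 0), "10.6.6.0"),
]

def parse_level(text):
    """Parse 'a.b.c.d' into a tuple of ints; reject any other shape."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    if m is None:
        raise ValueError(f"not a four-part firmware level: {text!r}")
    return tuple(int(part) for part in m.groups())

def assess(level_text):
    """Return (status, stream, fixed_level) for one firmware level.

    Comparison is numeric on all four parts, so 10.6.0.8 and 10.6.1.0 land in
    different streams and 10.5.0.3 sorts below 10.5.0.20.
    'not listed' means outside the ranges this advisory names, nothing more.
    """
    level = parse_level(level_text)
    for stream, first, last, fixed in AFFECTED:
        if first <= level <= last:
            return ("affected", stream, fixed)
    return ("not listed", None, None)

def triage(inventory):
    """Map each affected gateway name to the level it should move to."""
    plan = {}
    for name, level_text in inventory.items():
        status, _stream, fixed = assess(level_text)
        if status == "affected":
            plan[name] = fixed
    return plan

# Constructed inventory: gateway names and levels are made up for the example.
INVENTORY = {
    "dp-lab-01": "10.5.0.3",
    "dp-lab-02": "10.6.0.9",
    "dp-lab-03": "10.6.4.0",
    "dp-lab-04": "10.6.0.8",
}

if __name__ == "__main__":
    for name, target in sorted(triage(INVENTORY).items()):
        print(f"{name}: upgrade to {target}")
```

A malformed level raises ValueError instead of being silently treated as unaffected, so an inventory record that cannot be parsed gets reviewed by hand.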

Added: Apr 1, 2026, 10:06 PM
Updated: Apr 1, 2026, 10:06 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 4.5
remediation: 7.7
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.