Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2, when a collective configuration is enabled, has a single secret key that is shared across different customers' installations, which allows remote attackers to spoof a container server by (1) sniffing the network to locate a cleartext transmission of this key or (2) leveraging knowledge of this key from another installation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM WebSphere DataPower XC10 Appliance 加密问题漏洞
Vulnerability Description
IBM WebSphere DataPower XC10是美国IBM公司的一套高速缓存平台。该平台可在对现有应用程序几乎不做任何更改的情况下对数据进行分布式高速缓存。 IBM WebSphere DataPower XC10 Appliance 2.0.0.0至2.0.0.3版本和2.1.0.0至2.1.0.2版本中存在漏洞,该漏洞源于集体配置启用时,程序的一个单一密钥将被不同的客户安装程序所共享。远程攻击者可通过(1)嗅探网络定位该密钥的明文传送或(2)利用来自其他安装程序的该密钥信息利用该漏洞欺骗容器
CVSS Information
N/A
Vulnerability Type
N/A