Details of VAR-201004-0454

ID

VAR-201004-0454

CVE

CVE-2010-1612

TITLE

IBM WebSphere DataPower XML Accelerator XA35 Service disruption in products such as (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2010-004723

DESCRIPTION

The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of service (interface outage) via malformed ICMP packets to the 0.0.0.0 destination IP address. IBM WebSphere DataPower XML Security Gateway The XS40 is a 1U rack-mounted network appliance that simplifies, accelerates, and helps secure service-oriented architecture (SOA). When using the QLOGIC Ethernet interface, remote attackers can send malformations to the 0.0.0.0 target IP address. The ICMP packet then triggers a denial of service (interface interrupt). IBM Datapower XS40 is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to hang, denying service to legitimate users. IBM Datapower XS40 firmware 3.7.2.1 is vulnerable; other versions may also be affected

Trust: 2.52

sources: NVD: CVE-2010-1612 // JVNDB: JVNDB-2010-004723 // CNVD: CNVD-2010-4690 // BID: 37952 // VULHUB: VHN-44217

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-4690

AFFECTED PRODUCTS

vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.8.0.0	Trust: 1.8
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.7.3.9	Trust: 1.6
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.7.3.4	Trust: 1.6
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.7.3.8	Trust: 1.6
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.7.3.3	Trust: 1.6
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.7.3.7	Trust: 1.6
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.7.3.6	Trust: 1.6
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.7.3.5	Trust: 1.6
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.7.3.2	Trust: 1.6
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.7.3.1	Trust: 1.6
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	lte	version:	3.7.3.10	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.7.3.2	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.8.0.2	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.7.3.6	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	lte	version:	3.7.3.10	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.8.0.0	Trust: 1.0
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.8.0.1	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.7.3.7	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.7.3.9	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.7.3.2	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.7.3.9	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.7.3.5	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.7.3.1	Trust: 1.0
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.8.0.0	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.8.0.3	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.8.0.4	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.7.3.9	Trust: 1.0
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.8.0.4	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.8.0.1	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.7.3.7	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	lte	version:	3.7.3.10	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.7.3.2	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.7.3.3	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.7.3.6	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.8.0.1	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.7.3.1	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.7.3.4	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.7.3.8	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.7.3	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.7.3.3	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.7.3.9	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.7.3.4	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.8.0.3	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.7.3	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.7.3.4	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.8.0.2	Trust: 1.0
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.8.0.3	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.7.3.7	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.8.0.1	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.7.3.3	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.8.0.2	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.8.03	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	lte	version:	3.7.3.10	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.7.3.8	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.7.3.5	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.7.3.4	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.8.0.3	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.8.0.1	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.7.2	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.7.3.3	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.7.3.6	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.7.2	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.7.3.5	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.8.0.0	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.8.0.2	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.7.3.1	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.7.3.8	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.7.3	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.7.2	Trust: 1.0
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.8.0.2	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.7.3.6	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.8.0.4	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.8.0.0	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	eq	version:	3.8.0.4	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	lte	version:	3.7.3.10	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.7.3.1	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.7.3.8	Trust: 1.0
vendor:	ibm	model:	websphere datapower b2b appliance xb60	scope:	eq	version:	3.7.3.5	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.7.3.7	Trust: 1.0
vendor:	ibm	model:	websphere datapower datapower integration appliance xi50	scope:	eq	version:	3.8.0.4	Trust: 1.0
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	eq	version:	3.7.3.2	Trust: 1.0
vendor:	ibm	model:	datapower xs40	scope:	eq	version:	3.7.2.1	Trust: 0.9
vendor:	ibm	model:	websphere datapower b2b the appliance xb60	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	websphere datapower integration the appliance xi50	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	websphere datapower xml accelerator xa35	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	websphere datapower low latency the appliance xm70	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	websphere datapower xml security gateway xs40	scope:	lt	version:	soa appliances	Trust: 0.8
vendor:	ibm	model:	websphere datapower low latency appliance xm70	scope:	eq	version:	3.7.3.10	Trust: 0.6
vendor:	ibm	model:	datapower xs40	scope:	ne	version:	3.8.0.0	Trust: 0.3

sources: CNVD: CNVD-2010-4690 // BID: 37952 // JVNDB: JVNDB-2010-004723 // CNNVD: CNNVD-201004-501 // NVD: CVE-2010-1612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-1612
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-1612
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2010-4690
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201004-501
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-44217
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-1612
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2010-4690
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-44217
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2010-4690 // VULHUB: VHN-44217 // JVNDB: JVNDB-2010-004723 // CNNVD: CNNVD-201004-501 // NVD: CVE-2010-1612

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2010-004723 // NVD: CVE-2010-1612

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201004-501

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201004-501

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-004723

PATCH

title:	4024774	url:	http://www-01.ibm.com/support/docview.wss?uid=swg24024774	Trust: 0.8
title:	IBM Datapower XS40 malformed ICMP packet remote denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/37375	Trust: 0.6

sources: CNVD: CNVD-2010-4690 // JVNDB: JVNDB-2010-004723

EXTERNAL IDS

db:	NVD	id:	CVE-2010-1612	Trust: 3.4
db:	BID	id:	37952	Trust: 2.6
db:	JVNDB	id:	JVNDB-2010-004723	Trust: 0.8
db:	CNNVD	id:	CNNVD-201004-501	Trust: 0.7
db:	CNVD	id:	CNVD-2010-4690	Trust: 0.6
db:	NSFOCUS	id:	14415	Trust: 0.6
db:	BUGTRAQ	id:	20100126 [IBM DATAPOWER XS40] DENIAL OF SERVICE	Trust: 0.6
db:	AIXAPAR	id:	IC61364	Trust: 0.6
db:	VULHUB	id:	VHN-44217	Trust: 0.1

sources: CNVD: CNVD-2010-4690 // VULHUB: VHN-44217 // BID: 37952 // JVNDB: JVNDB-2010-004723 // CNNVD: CNNVD-201004-501 // NVD: CVE-2010-1612

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic61364	Trust: 1.7
url:	http://www.securityfocus.com/bid/37952	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24024770	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24024771	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24024772	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24024773	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24024774	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/509163/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1612	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1612	Trust: 0.8
url:	http://www.securityfocus.com/bid/37952/info	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/509163/100/0/threaded	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/14415	Trust: 0.6
url:	http://www.ibm.com/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?rs=2362&uid=swg1ic61364	Trust: 0.3
url:	/archive/1/509163	Trust: 0.3

sources: CNVD: CNVD-2010-4690 // VULHUB: VHN-44217 // BID: 37952 // JVNDB: JVNDB-2010-004723 // CNNVD: CNNVD-201004-501 // NVD: CVE-2010-1612

CREDITS

ErikA

Trust: 0.9

sources: BID: 37952 // CNNVD: CNNVD-201004-501

SOURCES

db:	CNVD	id:	CNVD-2010-4690
db:	VULHUB	id:	VHN-44217
db:	BID	id:	37952
db:	JVNDB	id:	JVNDB-2010-004723
db:	CNNVD	id:	CNNVD-201004-501
db:	NVD	id:	CVE-2010-1612

LAST UPDATE DATE

2025-04-11T22:54:19.480000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-4690	date:	2010-04-29T00:00:00
db:	VULHUB	id:	VHN-44217	date:	2018-10-10T00:00:00
db:	BID	id:	37952	date:	2015-04-13T21:02:00
db:	JVNDB	id:	JVNDB-2010-004723	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201004-501	date:	2010-04-30T00:00:00
db:	NVD	id:	CVE-2010-1612	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-4690	date:	2010-04-29T00:00:00
db:	VULHUB	id:	VHN-44217	date:	2010-04-29T00:00:00
db:	BID	id:	37952	date:	2010-01-26T00:00:00
db:	JVNDB	id:	JVNDB-2010-004723	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201004-501	date:	2010-01-26T00:00:00
db:	NVD	id:	CVE-2010-1612	date:	2010-04-29T19:30:00.620