CVE-2021-38872

7.5 HIGH

📋 TL;DR

CVE-2021-38872 is a resource-consumption denial of service in IBM DataPower Gateway: an unauthenticated remote attacker who can reach a gateway listener can exhaust system resources by sending many requests, degrading or halting service. Affected firmware is 10.0.1.0 through 10.0.1.4, 10.0.2.0, 10.0.3.0, and 2018.4.1.0 through 2018.4.1.17; the impact is to availability only (no confidentiality or integrity impact is described).

💻 Affected Systems

Products:
  • IBM DataPower Gateway
Versions: 10.0.1.0 through 10.0.1.4, 10.0.2.0, 10.0.3.0, 2018.4.1.0 through 2018.4.1.17
Operating Systems: IBM DataPower OS
Default Config Vulnerable: ⚠️ Yes
Notes: No special configuration is needed; any affected firmware build with a network-reachable listener is exposed to this resource consumption attack.

📦 What is this software?

IBM DataPower Gateway is IBM's security and integration gateway, shipped as a physical appliance, virtual appliance, or container, that terminates and enforces policy on API, web service, and B2B traffic. It is commonly placed in a DMZ as an internet-facing policy enforcement point, which is why a denial of service against it tends to take downstream applications offline with it.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage making the DataPower Gateway unavailable to legitimate users, potentially affecting downstream applications and business operations.

🟠

Likely Case

Degraded performance or intermittent service disruptions due to resource exhaustion, impacting application availability.

🟢

If Mitigated

Minimal impact with proper rate limiting, resource monitoring, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and can be exploited by sending multiple requests, making it relatively simple to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.1.5, 10.0.2.1, 10.0.3.1, 2018.4.1.18 and later

Vendor Advisory: https://www.ibm.com/support/pages/node/6586704

Restart Required: Yes

Instructions:

1. Download the appropriate fix for your release stream from IBM Fix Central.
2. Apply the fix following IBM's DataPower firmware update procedures.
3. Restart the DataPower Gateway.
4. Verify the update was successful by confirming the running firmware version (see How to Verify below).

🔧 Temporary Workarounds

Rate Limiting Configuration


Throttle request rates on the DataPower Gateway so that a single source cannot consume a disproportionate share of resources. Rate limiting reduces the blast radius of this issue but does not remove the underlying defect; only the firmware fix does.

The page lists the WebGUI path Objects > Processing Action > Rate Limit Policy. DataPower's native throttling mechanisms are Service Level Monitoring (SLM) policies and message count/duration monitors attached to the service's processing policy; choose thresholds from your observed legitimate peak traffic so the limit does not itself cause an outage.

Network Access Controls


Restrict network access to DataPower Gateway using firewalls or network segmentation. This is most effective for internal-only gateways; for an internet-facing gateway, source IP restriction is rarely possible, so upstream DDoS protection or a WAF is the realistic control.

Implement firewall rules that limit the source IP addresses allowed to connect to the DataPower Gateway listeners, and confirm that management interfaces (WebGUI, SSH, XML management) are not reachable from untrusted networks at all.

🧯 If You Can't Patch

  • Implement strict rate limiting and request throttling on the DataPower Gateway
  • Deploy network-based DDoS protection or WAF in front of the vulnerable systems

🔍 How to Verify

Check if Vulnerable:

Check the running firmware version via the DataPower CLI with 'show version' and compare it against the affected ranges above. Note that 10.0.1.x, 10.0.2.x, 10.0.3.x and 2018.4.1.x are separate release streams, each with its own fixed build.

Check Version:

show version

Verify Fix Applied:

Verify the version is updated to a fixed version (10.0.1.5+, 10.0.2.1+, 10.0.3.1+, or 2018.4.1.18+) using 'show version' command.
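Comparing a dotted firmware version against several inclusive ranges by hand is error-prone (10.0.1.10 sorts after 10.0.1.4 numerically but before it as a string). The following is an added example, not code from IBM or from this advisory: it encodes the affected ranges listed above, parses the version out of captured `show version` output, and reports whether the build is affected. The exact layout of `show version` output (a line such as `Version: IDG.10.0.1.4`) is an assumption; the sample output is constructed.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]

# Affected ranges exactly as stated in the advisory (inclusive bounds).
AFFECTED_RANGES = [
    ((10, 0, 1, 0), (10, 0, 1, 4)),
    ((10, 0, 2, 0), (10, 0, 2, 0)),
    ((10, 0, 3, 0), (10, 0, 3, 0)),
    ((2018, 4, 1, 0), (2018, 4, 1, 17)),
]

# First fixed build per release stream, as stated in the advisory.
FIXED_BUILDS = [(10, 0, 1, 5), (10, 0, 2, 1), (10, 0, 3, 1), (2018, 4, 1, 18)]

# Constructed sample of `show version` output; the real layout may differ.
SAMPLE_SHOW_VERSION = """\
Serial: 0000000
Version: IDG.10.0.1.4
Build: 000000
Build Date: 2021/09/01
"""

# Assumption: the version appears on a line starting with "version:", optionally
# prefixed with a product tag such as "IDG.".
VERSION_RE = re.compile(
    r"^\s*version:\s*(?:[A-Za-z]+\.)?(\d+(?:\.\d+){2,})",
    re.IGNORECASE | re.MULTILINE,
)


def parse_version(show_version_output: str) -> Optional[Version]:
    """Return the firmware version as an int tuple, or None if not found."""
    m = VERSION_RE.search(show_version_output)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(v: Version, width: int) -> Version:
    """Right-pad with zeros so tuples of different length compare correctly."""
    return v + (0,) * (width - len(v))


def is_affected(version: Version) -> bool:
    """True if the version falls inside any affected range (inclusive)."""
    width = max(len(version), 4)
    v = _pad(version, width)
    return any(_pad(lo, width) <= v <= _pad(hi, width) for lo, hi in AFFECTED_RANGES)


def assess(show_version_output: str) -> str:
    """Return 'affected', 'not affected', or 'unknown' for captured CLI output."""
    version = parse_version(show_version_output)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not affected"


if __name__ == "__main__":
    print(parse_version(SAMPLE_SHOW_VERSION), assess(SAMPLE_SHOW_VERSION))
```

Versions outside the listed streams (for example 10.0.4.0 or 10.5.x) are reported as not affected because the advisory does not list them; treat that as "not listed", not as a positive statement that they are safe, and check the vendor advisory for your stream.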

📡 Detection & Monitoring

Log Indicators:

  • Unusually high request rates from single sources
  • Resource exhaustion warnings in system logs
  • Increased error rates or timeouts

Network Indicators:

  • Spike in incoming requests to DataPower Gateway
  • Abnormal traffic patterns from suspicious sources

SIEM Query:

source="datapower" AND ("resource exhaustion" OR "high request rate" OR "denial of service")

The query above is illustrative: the source field name and the exact message strings depend on your SIEM and on how DataPower log targets are forwarded. A more robust detection counts requests per client address over a short window rather than matching on free-text messages.
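The indicators above (high request rate from a single source, rising error rates) can be computed directly from forwarded gateway access logs rather than matched on message text. This is an added example, not part of the advisory and not DataPower's own tooling: it runs a sliding-window per-source request counter and a per-source 5xx ratio over constructed sample log lines. The line format (timestamp, client IP, method, URI, status) is an assumption chosen for the example; adapt the regex to the log target format you actually forward.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Optional, Tuple

# Constructed sample lines; not real DataPower output. One noisy client
# sends six requests in three seconds while a health checker polls slowly.
SAMPLE_LOG = """\
2021-10-05T12:00:00Z 203.0.113.7 POST /svc/orders 200
2021-10-05T12:00:01Z 198.51.100.2 GET /svc/health 200
2021-10-05T12:00:01Z 203.0.113.7 POST /svc/orders 200
2021-10-05T12:00:02Z 203.0.113.7 POST /svc/orders 200
2021-10-05T12:00:02Z 203.0.113.7 POST /svc/orders 503
2021-10-05T12:00:03Z 203.0.113.7 POST /svc/orders 503
2021-10-05T12:00:03Z 203.0.113.7 POST /svc/orders 503
2021-10-05T12:00:20Z 198.51.100.2 GET /svc/health 200
2021-10-05T12:00:40Z 198.51.100.2 GET /svc/health 200
"""

# Assumed line layout: "<ISO-8601 UTC timestamp> <client ip> <method> <uri> <status>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>\S+)\s+(?P<uri>\S+)\s+(?P<status>\d{3})$"
)


def parse_line(line: str) -> Optional[Tuple[datetime, str, int]]:
    """Return (timestamp, source, status) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], int(m["status"])


def flag_sources(log_text: str, max_requests: int = 5, window_seconds: int = 10) -> Dict[str, int]:
    """Sliding-window counter per source. Lines are assumed to be in time order.

    Returns {source: peak_count} for every source that exceeded max_requests
    within any window_seconds interval.
    """
    windows: Dict[str, deque] = defaultdict(deque)
    peaks: Dict[str, int] = {}
    window = timedelta(seconds=window_seconds)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparseable lines rather than abort the whole run
        ts, src, _status = parsed
        q = windows[src]
        q.append(ts)
        # Drop timestamps that fell out of the trailing window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_requests:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks


def server_error_ratio(log_text: str) -> Dict[str, float]:
    """Fraction of requests per source that returned a 5xx status."""
    totals: Dict[str, int] = defaultdict(int)
    errors: Dict[str, int] = defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _ts, src, status = parsed
        totals[src] += 1
        if 500 <= status <= 599:
            errors[src] += 1
    return {src: errors[src] / totals[src] for src in totals}


if __name__ == "__main__":
    print(flag_sources(SAMPLE_LOG))
    print(server_error_ratio(SAMPLE_LOG))
```

Tune max_requests and window_seconds from a baseline of legitimate traffic; a single health checker or a busy integration partner will otherwise dominate the alert list. Correlating the flagged sources with a simultaneous rise in 5xx responses is what separates an actual resource-exhaustion event from an ordinary traffic peak.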
