IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/87560
http://www.ibm.com/support/docview.wss?uid=swg21653546