The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors.
http://www.securitytracker.com/id/1032025
http://www.securityfocus.com/bid/73916
http://www-01.ibm.com/support/docview.wss?uid=swg21701337
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07841
Source: Mitre, NVD
Published: 2015-04-06
Updated: 2026-05-06
Base Score: 6.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: Medium
Base Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: Critical
EPSS: 0.0082