DataPower


Data Power is not validating the user input fields properly - Improper Input Validation.

  • 1.  Data Power is not validating the user input fields properly - Improper Input Validation.

    Posted 4 hours ago

    Dear Team,

    Recently a VAPT was performed on IBM Data Power. The point below is the observation raised by the team.

    Is there any solution to fix the point raised above?

    Tool used: Burp Suite

    The application is not validating the user input fields properly at the server end. As a result, a malicious user may insert malicious scripts into the application and compromise it.



    ------------------------------
    Umesh Chandra
    ------------------------------
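    As an added illustration that is not part of either post, the following shows the kind of server-side allow-list check that addresses an "Improper Input Validation" finding: each field is checked against an explicit pattern and length limit, unknown fields are rejected, and anything reflected back is HTML-escaped. It is plain JavaScript, not DataPower GatewayScript or any product API; the field names, rules and sample requests are constructed for the example.

```javascript
// Added example (not from the thread): server-side allow-list validation of
// request fields, the usual remediation for an "Improper Input Validation"
// finding. Field names and rules are constructed for illustration.
const FIELD_RULES = {
  username: { pattern: /^[A-Za-z0-9_.-]{3,32}$/, maxLen: 32 },
  email:    { pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/, maxLen: 254 },
  comment:  { pattern: /^[\p{L}\p{N}\s.,!?'"()-]{0,500}$/u, maxLen: 500 },
};

// Escape the characters that carry meaning in HTML so a reflected value is
// rendered as text rather than interpreted as markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Validate a parsed JSON body against FIELD_RULES.
// Returns { ok: true, value } holding only the known, validated fields,
// or { ok: false, errors } listing every rejected field.
function validateInput(body) {
  const errors = [];
  const value = {};
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  // Reject unexpected fields instead of silently passing them through.
  for (const key of Object.keys(body)) {
    if (!Object.prototype.hasOwnProperty.call(FIELD_RULES, key)) {
      errors.push(`unexpected field: ${key}`);
    }
  }
  for (const [name, rule] of Object.entries(FIELD_RULES)) {
    const raw = body[name];
    if (raw === undefined) { continue; } // every field is optional in this example
    if (typeof raw !== 'string') {
      errors.push(`${name}: must be a string`);
      continue;
    }
    // Normalise before matching so an equivalent Unicode form cannot slip past the pattern.
    const v = raw.normalize('NFC');
    if (v.length > rule.maxLen) {
      errors.push(`${name}: longer than ${rule.maxLen} characters`);
      continue;
    }
    if (!rule.pattern.test(v)) {
      errors.push(`${name}: contains characters outside the allow-list`);
      continue;
    }
    value[name] = v;
  }
  return errors.length ? { ok: false, errors } : { ok: true, value };
}

// Constructed sample requests: one clean, one carrying HTML markup in a text field.
const CLEAN_REQUEST = { username: 'alice_01', email: 'alice@example.com', comment: 'Looks good, thanks!' };
const MARKUP_REQUEST = { username: 'bob', comment: 'hello <b>world</b>' };

// Stand-alone run: show the verdict for each sample request.
for (const req of [CLEAN_REQUEST, MARKUP_REQUEST]) {
  const result = validateInput(req);
  console.log(result.ok ? `accepted: ${JSON.stringify(result.value)}`
                        : `rejected: ${result.errors.join('; ')}`);
}
```

    The design point is that validation is an allow-list applied at the server, independent of whatever the browser or client sends, and that output encoding is a separate step from input validation: a value that passes the pattern is still escaped before it is placed into a page.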


  • 2.  RE: Data Power is not validating the user input fields properly - Improper Input Validation.

    Posted 26 minutes ago

    The VAPT tool is updating configurations? Are the configuration access points (GUI/XMI/REST/CLI) exposed to these threats in an unreasonable way (access via public internet or not firewalled to a vault-only controlled access point, etc.)? We could get into an entire encyclopedia of "what ifs" in this world, and, in fact, we could "what if" everything into being compromised. The question becomes one of, "Are you taking all reasonable and known steps to prevent a threat actor from changing your configurations?"

    For this (and that is after you've taken all reasonable and known steps in preventing threat actors, internal and otherwise, from changing appliance configurations) you essentially have two choices:

    1. Take it to IBM and have them work on it.
    2. Proxy the management traffic and scan for such things during configuration changes.



    ------------------------------
    Joseph Morgan
    CEO - Independent
    ------------------------------