IBM released a notice this morning stating that the IBM DataPower appliance is not vulnerable to the Shellshock vulnerabilities, also referred to as the Bash Bug and the two memory corruption vulnerabilities.
DataPower doesn’t use Bash anywhere and therefore it is not impacted by any of the Bash vulnerabilities.
Inparticular, dataPower in all editions and all platforms is NOT vulnerable to the Bash vulnerabilities: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278.
However, it is recommended that you review your entire environment to identify vulnerable releases of Bash ad take appropriate action where needed.
Source: http://www-01.ibm.com/support/docview.wss?uid=swg21685435&myns=swgws&mynp=OCSS9H2Y&mync=E