IBM Security Verify Access Vulnerabilities Could Lead to Sensitive Data Exposure or Denial of Service
CVE-2024-28787

10CRITICAL

Key Information:

Vendor: IBM
Status: Security Verify Access; Application Gateway
Vendor: CVE Published:; 4 April 2024

What is CVE-2024-28787?

IBM Security Verify Access versions 10.0.0 through 10.0.7 and IBM Application Gateway versions 20.01 through 24.03 are susceptible to exploitation via specially crafted HTTP requests. An attacker could leverage this vulnerability to gain access to sensitive private information, which could significantly compromise security and privacy. Furthermore, this vulnerability may enable attempts to cause denial of service, impacting the availability of affected services.

References

https://www.ibm.com/support/pages/node/7145828

https://exchange.xforce.ibmcloud.com/vulnerabilities/286584

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2024

JSON