IBM Security Verify Access Vulnerabilities Could Lead to Sensitive Data Exposure or Denial of Service
CVE-2024-28787

10 CRITICAL

Key Information:

Vendor: IBM
CVE Published: 4 April 2024

What is CVE-2024-28787?

IBM Security Verify Access versions 10.0.0 through 10.0.7 and IBM Application Gateway versions 20.01 through 24.03 are susceptible to exploitation via specially crafted HTTP requests. An attacker could leverage this vulnerability to gain access to sensitive private information, which could significantly compromise security and privacy. Furthermore, this vulnerability may enable attempts to cause denial of service, impacting the availability of affected services.

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published
