Application Gateway
CVE-2024-28787
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.
AnalysisAI
IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-650. IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584. Affected products include: Ibm Application Gateway, Ibm Security Verify Access. Version information: through 10.0.7.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Application Gateway
View allIBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could c
IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to i
IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HT
IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenti
IBM Application Gateway is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is r
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system.
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today