Skip to main content

Application Gateway

7 CVEs product

Monthly

CVE-2025-36397 MEDIUM This Month

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. [CVSS 5.4 MEDIUM]

IBM Application Gateway
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36396 MEDIUM This Month

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.4 MEDIUM]

IBM XSS Application Gateway
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-45655 MEDIUM This Month

IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.

Authentication Bypass IBM Application Gateway
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-28787 CRITICAL Act Now

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Application Gateway Security Verify Access
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2022-22387 MEDIUM PATCH This Month

IBM Application Gateway is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Application Gateway
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-20576 HIGH PATCH This Week

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Application Gateway Security Verify Access
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-20575 LOW PATCH Monitor

IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Application Gateway Security Verify Access
NVD
CVSS 3.1
3.3
EPSS
0.3%
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. [CVSS 5.4 MEDIUM]

IBM Application Gateway
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.4 MEDIUM]

IBM XSS Application Gateway
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.

Authentication Bypass IBM Application Gateway
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Application Gateway +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Application Gateway is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Application Gateway
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Application Gateway +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Application Gateway +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy