CVE-2024-28787

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.

CVSS v3 8.7 HIGH

8.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/286584
https://www.ibm.com/support/pages/node/7145828
https://exchange.xforce.ibmcloud.com/vulnerabilities/286584
https://www.ibm.com/support/pages/node/7145828

Configurations

No configuration.

History

21 Nov 2024, 09:06

Type	Values Removed	Values Added
Summary		(es) IBM Security Verify Access 10.0.0 a 10.0.7 e IBM Application Gateway 20.01 a 24.03 podrían permitir a un atacante remoto obtener información privada altamente confidencial o provocar una denegación de servicio mediante una solicitud HTTP especialmente manipulada. ID de IBM X-Force: 286584.
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/286584 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/286584 -
References	~~() https://www.ibm.com/support/pages/node/7145828 -~~	() https://www.ibm.com/support/pages/node/7145828 -

04 Apr 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-04 18:15

Updated : 2024-11-21 09:06

NVD link : CVE-2024-28787

Mitre link : CVE-2024-28787

CVE.ORG link : CVE-2024-28787

JSON object : View

Products Affected

No product.

CWE

CWE-650

Trusting HTTP Permission Methods on the Server Side

8.7 /10