CVE-2024-28787

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.

CVSS v3 8.7 HIGH

8.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/286584
https://www.ibm.com/support/pages/node/7145828

Configurations

No configuration.

History

04 Apr 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-04 18:15

Updated : 2024-04-04 19:24

NVD link : CVE-2024-28787

Mitre link : CVE-2024-28787

CVE.ORG link : CVE-2024-28787

JSON object : View

Products Affected

No product.

CWE

CWE-650

Trusting HTTP Permission Methods on the Server Side

8.7 /10