Lucene search

China National Vulnerability DatabaseCNVD-2024-19025

HistoryApr 09, 2024 - 12:00 a.m.

IBM Security Verify Access Appliance and IBM Application Gateway Information Disclosure Vulnerability

2024-04-0900:00:00

China National Vulnerability Database

www.cnvd.org.cn

ibm

security

access

vulnerability

information

disclosure

appliance

application

gateway

exploited

attacker

sensitive

denial of service

http

risk-based access

single sign-on

identity federation

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management controls, identity federation and mobile multi-factor authentication. An information disclosure vulnerability exists in IBM Security Verify Access Appliance and IBM Application Gateway, which can be exploited by an attacker to gain access to highly sensitive private information and cause a denial of service using a specially crafted HTTP request.

CPENameOperatorVersion
ibm ibm security verify access appliance >=10.0.0，le10.0.7
ibm security verify access >=10.0.0，le10.0.7
ibm ibm application gateway >=20.01，le24.03

Name	Operator	Version
ibm ibm security verify access appliance >=10.0.0，	le	10.0.7
ibm security verify access >=10.0.0，	le	10.0.7
ibm ibm application gateway >=20.01，	le	24.03