Lucene search

K
cveIbmCVE-2024-28787
HistoryApr 04, 2024 - 6:15 p.m.

CVE-2024-28787

2024-04-0418:15:14
CWE-650
ibm
web.nvd.nist.gov
59
ibm
security
verify access
application gateway
vulnerability
remote attacker
sensitive information
denial of service
http request
ibm x-force id
cve-2024-28787
nvd

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0

Percentile

9.0%

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.

Affected configurations

Vulners
Node
ibmsecurity_verify_accessRange10.0.010.0.7
OR
ibmsecurity_verify_accessRange10.0.010.0.7
OR
ibmapplication_gatewayRange20.0124.03
VendorProductVersionCPE
ibmsecurity_verify_access*cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*
ibmapplication_gateway*cpe:2.3:a:ibm:application_gateway:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Security Verify Access Container",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "10.0.7",
        "status": "affected",
        "version": "10.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Security Verify Access Appliance",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "10.0.7",
        "status": "affected",
        "version": "10.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Application Gateway",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "24.03",
        "status": "affected",
        "version": "20.01",
        "versionType": "semver"
      }
    ]
  }
]

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0

Percentile

9.0%

Related for CVE-2024-28787