Multiple security vulnerabilities have been fixed in the IBM Application Gateway product.
CVEID: CVE-2020-4225
**DESCRIPTION:** IBM App Gateway does not properly validate the tenant configuration which could allow a local user to obtain highly sensitive information or perform unauthorized actions.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175205 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)
CVEID: CVE-2020-4523
**DESCRIPTION:** IBM Application Gateway could disclose sensitive server information to a user using a specially crafted HTTP request that could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182433 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Application Gateway | 1.0 |
Fixes for IBM Application Gateway can be downloaded from the ibmcom Docker store.
docker pull ibmcom/ibm-application-gateway:20.07
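To confirm that running containers actually use the fixed image, the following added example (not IBM tooling or part of the original bulletin) classifies image references against the 20.07 tag named above. It assumes that image tags are numeric YY.MM values that sort by release date; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM tooling. Assumption: image tags are numeric YY.MM
# values that sort by release date, so anything >= 20.07 carries the fix.
REPO="ibmcom/ibm-application-gateway"
FIXED_TAG="20.07"

# classify_image IMAGE_REF -> FIXED | PRE_FIX | UNKNOWN | OTHER
classify_image() {
    ref=${1#docker.io/}                 # drop Docker Hub's default registry prefix
    case $ref in
        "$REPO"|"$REPO"@*) echo UNKNOWN; return ;;  # untagged or digest-only
        "$REPO":*) tag=${ref#"$REPO":}; tag=${tag%%@*} ;;
        *) echo OTHER; return ;;                    # some other image
    esac
    case $tag in
        *[!0-9.]*|*.*.*|.*|*.) echo UNKNOWN; return ;;  # e.g. "latest"
        *.*) ;;                                         # looks like N.N
        *) echo UNKNOWN; return ;;
    esac
    major=${tag%%.*}; minor=${tag#*.}
    fmajor=${FIXED_TAG%%.*}; fminor=${FIXED_TAG#*.}
    if [ "$major" -gt "$fmajor" ] ||
       { [ "$major" -eq "$fmajor" ] && [ "$minor" -ge "$fminor" ]; }; then
        echo FIXED
    else
        echo PRE_FIX
    fi
}

# audit: reads "<container-name> <image-ref>" lines on stdin, the shape of
#   docker ps --format '{{.Names}} {{.Image}}'
# and reports every Application Gateway container with its status.
audit() {
    while read -r name image; do
        status=$(classify_image "$image")
        [ "$status" = OTHER ] || echo "$status $name $image"
    done
}

# Constructed sample inventory (not real output), so the script runs offline.
audit <<'EOF'
iag-prod ibmcom/ibm-application-gateway:20.07
iag-test docker.io/ibmcom/ibm-application-gateway:20.04
iag-dev ibmcom/ibm-application-gateway:latest
web nginx:1.19
EOF
```

On a Docker host, pipe `docker ps --format '{{.Names}} {{.Image}}'` into `audit` instead of the sample. Entries reported as UNKNOWN (floating tags, digests) need a manual check of the image's actual version.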
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm security verify access | eq | 20.07 |