Aug 31, 2020 - 6:08 p.m.

Security Bulletin: Multiple Vulnerabilities fixed in IBM Application Gateway

2020-08-31 18:08:22
www.ibm.com

Summary

Multiple security vulnerabilities have been fixed in the IBM Application Gateway product.

Vulnerability Details

**CVEID:** CVE-2020-4225
**DESCRIPTION:** IBM App Gateway does not properly validate the tenant configuration which could allow a local user to obtain highly sensitive information or perform unauthorized actions.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175205 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)

**CVEID:** CVE-2020-4523
**DESCRIPTION:** IBM Application Gateway could disclose sensitive server information to a user using a specially crafted HTTP request that could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182433 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Application Gateway | 1.0 |
| IBM Application Gateway | 1.0 |

Remediation/Fixes

Fixes for IBM Application Gateway can be downloaded from the ibmcom Docker store.

docker pull ibmcom/ibm-application-gateway:20.07
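
To confirm the fix is actually deployed, the following added example (not part of the IBM bulletin and not IBM's code) flags containers still running a gateway image older than the fixed tag. It assumes image tags follow the YY.MM form of `20.07`; the container names, registry host and older tags in the sample input are constructed.

```shell
#!/bin/sh
# Added example (not IBM's code): flag containers running an IBM Application
# Gateway image older than the fixed tag named in the bulletin.
FIXED_TAG="20.07"                        # fixed tag, from the bulletin
IMAGE="ibmcom/ibm-application-gateway"   # repository, from the bulletin

# Exit 0 if tag >= FIXED_TAG, 1 if older, 2 if not in the assumed YY.MM form.
tag_is_fixed() {
    case "$1" in
        [0-9][0-9].[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    [ "$(printf '%s' "$1" | tr -d .)" -ge "$(printf '%s' "$FIXED_TAG" | tr -d .)" ]
}

# Reads "<container-name> <image-ref>" lines on stdin, prints one verdict per
# gateway container, and returns 1 if any of them predates the fix.
audit_images() {
    status=0
    while read -r name image; do
        [ -n "$image" ] || continue
        ref=${image%%@*}     # drop any @sha256 digest
        last=${ref##*/}      # last path component, so a registry port is not read as a tag
        case "$last" in
            *:*) tag=${last##*:}; repo=${ref%:*} ;;
            *)   tag="";          repo=$ref ;;
        esac
        case "$repo" in
            "$IMAGE"|*/"$IMAGE") ;;
            *) continue ;;   # not a gateway image
        esac
        rc=0
        tag_is_fixed "$tag" || rc=$?
        case "$rc" in
            0) echo "OK $name $image" ;;
            1) echo "VULNERABLE $name $image"; status=1 ;;
            *) echo "UNKNOWN $name $image" ;;   # e.g. latest or untagged: check manually
        esac
    done
    return "$status"
}

# Constructed sample input. On a real host, pipe in:
#   docker ps --format '{{.Names}} {{.Image}}'
audit_images <<'EOF' || true
iag-prod ibmcom/ibm-application-gateway:20.04
iag-test registry.example:5000/ibmcom/ibm-application-gateway:20.07
iag-dev ibmcom/ibm-application-gateway:latest
web nginx:1.19
EOF
```

An `UNKNOWN` verdict means the tag alone cannot show whether the image contains the fix, so the image needs to be inspected or re-pulled.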

Workarounds and Mitigations

None

CPE

| Name | Operator | Version |
| --- | --- | --- |
| ibm security verify access | eq | 20.07 |