CVSS3: 8.7 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H
AI Score: 6.9 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.0%)
IBM Security Verify Access Appliance/Container and IBM Application Gateway are vulnerable to information disclosure or denial of service due to a specially crafted HTTP request. This bulletin identifies the steps to take to address the vulnerability.
CVEID: CVE-2024-28787
**DESCRIPTION:** IBM Security Verify could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request.
CVSS Base score: 8.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286584 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Security Verify Access Container | 10.0.0 - 10.0.7 |
IBM Security Verify Access Appliance | 10.0.0 - 10.0.7 |
IBM Application Gateway | 20.01 - 24.03 |
IBM encourages customers to update their systems promptly.
IBM Security Verify Access Container
Where [tag] is the latest published version and can be confirmed here.
For the IBM Security Verify Access appliance
Affected Products and Versions | Fix availability |
---|---|
IBM Security Verify Access Appliance 10.0.0.0 | |
For the IBM Application Gateway Container
Where [tag] is the latest published version and can be confirmed here.
None