7 matches found
CVE-2024-28787
IBM Security Verify Access and IBM Application Gateway are affected by CVE-2024-28787, with Information Disclosure and potential Denial of Service via a specially crafted HTTP request. Affected products/versions: IBM Security Verify Access Container and Appliance 10.0.0–10.0.7, IBM Application Ga...
CVE-2022-22387
CVE-2022-22387 affects IBM Application Gateway. A cross-site scripting vulnerability in the Web UI could allow embedding arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. The IBM Security Bulletin confirms affected product/version: IBM Application Gatewa...
CVE-2021-20576
CVE-2021-20576 affects IBM Application Gateway (IBM Application Gateway 1.0). A remote attacker could send a specially crafted HTTP GET request that could crash the application, indicating a potential denial of service. The NVD entry lists base scores of 5.0 (MEDIUM) CVSS2 and 7.5 (HIGH) CVSS3.1/...
CVE-2021-20575
CVE-2021-20575 concerns IBM Application Gateway (IBM Application Gateway 1.0) where the application allows web pages to be stored locally and readable by other users on the same system, causing an information disclosure. The vulnerability description and multiple connected sources confirm this lo...
CVE-2024-45655
CVE-2024-45655 affects IBM Application Gateway versions 19.12–24.09. The root cause is incorrect permissions assignment enabling a local privileged user to perform unauthorized actions. Documented impacts confirm local privilege escalation with the vulnerability. Remediation: IBM indicates upgrad...
CVE-2025-36397
Summary: CVE-2025-36397 affects IBM Application Gateway 23.10–25.09 and is a vulnerability to HTML injection (basic XSS) that could execute code in a victim’s browser within the hosting site’s security context. What’s affected: IBM Application Gateway 23.10–25.09 (also echoed across Red Hat and C...
CVE-2025-36396
IBM Application Gateway 23.10–25.09 is affected by a cross-site scripting vulnerability in the Web UI that an authenticated user can abuse to inject JavaScript, potentially exposing credentials in a trusted session. The CVE (CVE-2025-36396) is documented across NVD and vendor advisories, with a C...