CVE-2024-28787

EPSS 0.11%
Published 04.04.2024 18:15:14
Last modified 14.08.2025 18:54:13
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request.  IBM X-Force ID:  286584.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Application Gateway Version >= 20.01 <= 24.03

Ibm ≫ Security Verify Access Version >= 10.0.0 <= 10.0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.295

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	3.9	5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
psirt@us.ibm.com	8.7	2.2	5.8	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H

CWE-650 Trusting HTTP Permission Methods on the Server Side

The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state.

https://exchange.xforce.ibmcloud.com/vulnerabilities/286584

Vendor Advisory

https://www.ibm.com/support/pages/node/7145828

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-28787

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-28787

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-28787

EUVD