Ibm: >> Application Gateway >> 24.03 Security Vulnerabilities
IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-01-20
IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-01-20
IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-06-03
IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.
CVSS Score
8.7
EPSS Score
0.001
Published
2024-04-04