PT-2024-22574 · IBM · IBM Security Verify Access+1

Published: 2024-04-04 · Updated: 2025-08-14 · CVE-2024-28787

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

IBM Security Verify Access versions 10.0.0 through 10.0.7
IBM Application Gateway versions 20.01 through 24.03

Description

The issue allows a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request.

Recommendations

For IBM Security Verify Access versions 10.0.0 through 10.0.7, update to a version outside of the affected range to resolve the issue. For IBM Application Gateway versions 20.01 through 24.03, update to a version outside of the affected range to resolve the issue. As a temporary workaround, consider restricting access to the HTTP endpoint to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2024-28787

Affected Products

IBM Application Gateway
IBM Security Verify Access