Ibm Application Gateway vulnerabilities

CVE-2025-36397 [MEDIUM] CWE-80 CVE-2025-36397: IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVE-2025-36396 [MEDIUM] CWE-79 CVE-2025-36396: IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerabilit IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2024-45655 [MEDIUM] CWE-732 CVE-2024-45655: IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthori IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.

CVE-2024-28787 [HIGH] CWE-650 CVE-2024-28787: IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 cou IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.

CVE-2022-22387 [MEDIUM] CWE-79 CVE-2022-22387: IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to em IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965.

CVE-2021-20576 [HIGH] CVE-2021-20576: IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash.

CVE-2021-20575 [LOW] CWE-922 CVE-2021-20575: IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.