IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.
The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Application_gateway | Ibm | 20.01 (including) | 24.03 (including) |
| Security_verify_access | Ibm | 10.0.0 (including) | 10.0.7 (including) |