Multiple vulnerabilities in IBM Application Gateway
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2022-31629 CVE-2020-17049 CVE-2024-37371 CVE-2024-28182 CVE-2024-2398 CVE-2024-2756 CVE-2024-2236 |
| CWE-ID | CWE-254 CWE-125 CWE-20 CWE-772 CWE-208 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
IBM Application Gateway Server applications / Application servers |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Security features bypass
EUVDB-ID: #VU67756
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2022-31629
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Application Gateway: 19.12 - 24.12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_application_gateway:19.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.01:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.04:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235709
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Security Features
EUVDB-ID: #VU48269
Risk: Low
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-17049
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote user to bypass authentication process.
The vulnerability exists due to security feature bypass issue in Kerberos. A remote administrator can bypass authentication process and gain unauthorized access to the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Application Gateway: 19.12 - 24.12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_application_gateway:19.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.01:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.04:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235709
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU93519
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-37371
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling GSS message token. A remote attacker can send specially crafted token to the application, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Application Gateway: 19.12 - 24.12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_application_gateway:19.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.01:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.04:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235709
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU88144
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28182
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to reading the unbounded number of HTTP/2 CONTINUATION frames. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Application Gateway: 19.12 - 24.12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_application_gateway:19.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.01:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.04:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235709
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Missing Release of Resource after Effective Lifetime
EUVDB-ID: #VU87850
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-2398
CWE-ID:
CWE-772 - Missing Release of Resource after Effective Lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when sending HTTP/2 server push responses with an overly large number of headers. A remote attacker can send PUSH_PROMISE frames with an excessive amount of headers to the application, trigger memory leak and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsIBM Application Gateway: 19.12 - 24.12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_application_gateway:19.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.01:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.04:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235709
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Security features bypass
EUVDB-ID: #VU88483
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-2756
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Note, the vulnerability exists due to incomplete fix for #VU67756 (CVE-2022-31629).
Install update from vendor's website.
Vulnerable software versionsIBM Application Gateway: 19.12 - 24.12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_application_gateway:19.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.01:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.04:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235709
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information Exposure Through Timing Discrepancy
EUVDB-ID: #VU87339
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-2236
CWE-ID:
CWE-208 - Information Exposure Through Timing Discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform timing attack.
The vulnerability exists due to an error in libgcrypt's RSA implementation. A remote attacker can initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Application Gateway: 19.12 - 24.12.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_application_gateway:19.12:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.01:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_application_gateway:20.04:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235709
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
