IBM Application Gateway
By the Year
In 2026 there have been 2 vulnerabilities in IBM Application Gateway with an average score of 5.4 out of ten. Last year, in 2025, Application Gateway had 1 security vulnerability published. That is, 1 more vulnerability has already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.10.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 5.40 |
| 2025 | 1 | 5.50 |
| 2024 | 1 | 10.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 5.40 |
| 2021 | 2 | 0.00 |
It may take a day or so for new Application Gateway vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent IBM Application Gateway Security Vulnerabilities
IBM Application Gateway 23.10-25.09 HTML Injection Vulnerability
CVE-2025-36397
5.4 - Medium
- January 20, 2026
IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Basic XSS
IBM Application Gateway 23.10-25.09 XSS via Authenticated User Web UI Injection
CVE-2025-36396
5.4 - Medium
- January 20, 2026
IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM AppGateway 19.12-24.09 Local Priv Escalation via Permission Error
CVE-2024-45655
5.5 - Medium
- June 03, 2025
IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
Incorrect Permission Assignment for Critical Resource
IBM Verify Acc 10.0-10.0.7: Remote Info Disclosure & DoS via HTTP Handler
CVE-2024-28787
10 - Critical
- April 04, 2024
IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.
Trusting HTTP Permission Methods on the Server Side
IBM App Gateway XSS Enables JS Injection via Web UI
CVE-2022-22387
5.4 - Medium
- September 28, 2022
IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965.
XSS
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request
CVE-2021-20576
- June 01, 2021
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash.
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system
CVE-2021-20575
- June 01, 2021
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.