CNNVD-202601-3211 Information

CNNVD ID

CNNVD-202601-3211

CVE-2025-36396

  • CNNVD Published: 2026-01-20

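Description (translated from Chinese)

IBM Application Gateway is an application gateway from International Business Machines (IBM), a US company. It provides a containerized, secure web reverse proxy designed to sit in front of your application and seamlessly add authentication and authorization protection to it. IBM Application Gateway versions 23.10 through 25.09 contain a cross-site scripting vulnerability, which stems from the fact that an authenticated user can embed arbitrary JavaScript code in the Web UI, potentially leading to credential disclosure.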

Description (English)

IBM Application Gateway is an application gateway from IBM. It provides a containerized secure web reverse proxy that is intended to sit in front of your application and add seamless authentication and authorization protection to it. IBM Application Gateway 23.10 to 25.09 has a cross-site scripting vulnerability, which stems from the fact that an authenticated user can embed arbitrary JavaScript code in the Web UI, and which could lead to credential disclosure.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

International Business Machines (IBM)

Published

2026-01-20

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7256857

Patch

https://www.ibm.com/products/application-gateway
