IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management controls, identity federation and mobile multi-factor authentication. An information disclosure vulnerability exists in IBM Security Verify Access Appliance and IBM Application Gateway, which can be exploited by an attacker to gain access to highly sensitive private information and cause a denial of service using a specially crafted HTTP request.