Clickjacking Vulnerability in IBM Security Identity Manager Virtual Appliance
CVE-2016-0357

4.3MEDIUM

Key Information:

Vendor

IBM
Status
Security Identity Manager Adapter
Vendor
CVE Published:
15 July 2016

What is CVE-2016-0357?

The vulnerability in IBM Security Identity Manager Virtual Appliance versions 7.0.0.0 to 7.0.1.1 enables remote attackers to perform clickjacking attacks. This occurs when attackers trick users into interacting with a webpage without their knowledge, potentially leading to unauthorized actions being performed as a result of user clicks on hidden or disguised elements. It is essential to apply the appropriate patches and follow security best practices to mitigate the risk associated with this vulnerability.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21985736
x_refsource_CONFIRM
http://www.securityfocus.com/bid/87528
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1036255
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.