Remote Click Hijacking Vulnerability in IBM WebSphere Message Broker
CVE-2016-9010

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Integration Bus
Vendor: CVE Published:; 15 February 2017

What is CVE-2016-9010?

The vulnerability in IBM WebSphere Message Broker 9.0 and 10.0 allows remote attackers to manipulate users' click actions by directing them to malicious websites. This can result in unauthorized actions taken on behalf of the victim, potentially opening paths for further exploitation. Awareness of this issue is crucial for protecting sensitive operations and user data.

Affected Version(s)

Integration Bus 9.0.0.0

Integration Bus 9.0

Integration Bus 10

References

http://www.securityfocus.com/bid/96279

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=swg21997906

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2017
Vulnerability Reserved
Oct 25, 2016