Remote Clickjacking Vulnerability in IBM i2 Enterprise Insight Analysis
CVE-2018-1504

6.1 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 6 December 2018

Summary

IBM i2 Enterprise Insight Analysis 2.1.7 is susceptible to a clickjacking vulnerability that can be exploited by a remote attacker. By convincing a victim to access a malicious website, attackers may hijack the victim's click actions, leading to unauthorized actions being executed on behalf of the user. This vulnerability could pave the way for further attacks, presenting serious security risks for users of the affected product.

Affected Version(s)

i2 Enterprise Insight Analysis 2.1.7

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
