Clickjacking Vulnerability in IBM SmartCloud Analytics
CVE-2019-4215

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Smartcloud Analytics
Vendor: CVE Published:; 22 November 2019

Summary

IBM SmartCloud Analytics versions 1.3.1 through 1.3.5 are vulnerable to a clickjacking attack, where a remote attacker can manipulate the user's browser action. By enticing victims into visiting a specially crafted malicious website, an attacker may exploit this vulnerability to hijack the user's clicking behavior. This could lead to further security breaches, as unsuspecting users may inadvertently execute unintended actions on legitimate sites. For more details, visit the IBM support page or the IBM X-Force entry.

Affected Version(s)

SmartCloud Analytics 1.3.1

SmartCloud Analytics 1.3.2

SmartCloud Analytics 1.3.3

References

https://www.ibm.com/support/pages/node/1109769

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/159186

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 22, 2019
Vulnerability Reserved
Jan 3, 2019