Clickjacking Vulnerability in IBM Jazz Foundation Products
CVE-2020-4547

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Engineering Workflow Management; Rational Engineering Lifecycle Manager; Rational Rhapsody Model Manager; Engineering Lifecycle Optimization
Vendor: CVE Published:; 27 January 2021

Summary

The vulnerability affects IBM Jazz Foundation products, enabling remote attackers to hijack user click actions. By tricking users into visiting a malicious site, attackers can exploit this flaw to gain control over user interactions, potentially leading to further security risks. The vulnerability emphasizes the need for enhanced security measures to protect users from such deceptive attacks.

Affected Version(s)

Engineering Lifecycle Optimization 7.0

Engineering Test Management 7.0.0

Engineering Workflow Management 7.0

References

https://www.ibm.com/support/pages/node/6408694

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/183315

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 27, 2021
Vulnerability Reserved
Dec 30, 2019