Clickjacking Vulnerability in IBM Sterling Connect:Direct Browser User Interface
CVE-2021-20560
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 26 July 2021
Summary
A remote attacker could exploit a vulnerability in IBM Sterling Connect:Direct Browser User Interface versions 1.4.1.1 and 1.5.0.2. By tricking a victim into navigating to a malicious site, the attacker could hijack the victim's click actions. This could potentially allow the attacker to perform unauthorized actions on behalf of the victim, putting sensitive information at risk.
Affected Version(s)
Sterling Connect:Direct Browser User Interface 1.5.0.2
Sterling Connect:Direct Browser User Interface 1.4.1.1
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved