Cross-Frame Scripting Vulnerability in IBM InfoSphere Information Server
CVE-2021-29827

5.2MEDIUM

Key Information:

Vendor: IBM
Status: Infosphere Information Server
Vendor: CVE Published:; 19 December 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2021-29827?

IBM InfoSphere Information Server 11.7 is vulnerable to a cross-frame scripting vulnerability (CVE-2021-29827), allowing remote attackers to hijack the clicking actions of users. By tricking victims into visiting malicious websites, attackers can exploit this vulnerability, gaining the ability to manipulate user actions and launch further attacks. Organizations using this software should take immediate measures to mitigate potential risks associated with this critical vulnerability.

Affected Version(s)

InfoSphere Information Server 11.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-29827 - Proof of Concept

References

https://www.ibm.com/support/pages/security-bulletin-ibm-i...

vendor-advisory

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 19, 2024
👾
Exploit known to exist
Dec 19, 2024
Vulnerability published
Dec 19, 2024