Cross-Frame Scripting Vulnerability in IBM InfoSphere Information Server

CVE-2021-29827

5.2MEDIUM

Key Information

Vendor: IBM
Status: Infosphere Information Server
Vendor: CVE Published:; 19 December 2024

Summary

IBM InfoSphere Information Server 11.7 is vulnerable to a cross-frame scripting vulnerability (CVE-2021-29827), allowing remote attackers to hijack the clicking actions of users. By tricking victims into visiting malicious websites, attackers can exploit this vulnerability, gaining the ability to manipulate user actions and launch further attacks. Organizations using this software should take immediate measures to mitigate potential risks associated with this critical vulnerability.

Affected Version(s)

InfoSphere Information Server = 11.7

References

https://www.ibm.com/support/pages/security-bulletin-ibm-i...

vendor-advisory

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 19, 2024

Collectors

NVD DatabaseMitre Database