Cross-Frame Scripting Vulnerability in IBM InfoSphere Information Server
CVE-2021-29827

5.2MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
19 December 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

IBM InfoSphere Information Server 11.7 is vulnerable to a cross-frame scripting vulnerability (CVE-2021-29827), allowing remote attackers to hijack the clicking actions of users. By tricking victims into visiting malicious websites, attackers can exploit this vulnerability, gaining the ability to manipulate user actions and launch further attacks. Organizations using this software should take immediate measures to mitigate potential risks associated with this critical vulnerability.

Affected Version(s)

InfoSphere Information Server 11.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V3.1

Score:
5.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.