Cross-Frame Scripting Vulnerability in IBM InfoSphere Information Server
CVE-2021-29827
Summary
IBM InfoSphere Information Server 11.7 is vulnerable to a cross-frame scripting vulnerability (CVE-2021-29827), allowing remote attackers to hijack the clicking actions of users. By tricking victims into visiting malicious websites, attackers can exploit this vulnerability, gaining the ability to manipulate user actions and launch further attacks. Organizations using this software should take immediate measures to mitigate potential risks associated with this critical vulnerability.
Affected Version(s)
InfoSphere Information Server 11.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published