Clickjacking Vulnerability in IBM WebSphere Application Server
CVE-2021-39038

4.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
24 February 2022

Summary

This vulnerability exposes IBM WebSphere Application Server and its Liberty variant to clickjacking attacks, where an attacker can trick users into unintentionally clicking on malicious links or buttons by directing them to a deceptive webpage. Successful exploitation can lead to various attacks aimed at the victim, enabling the attacker to perform unauthorized actions or gain additional privileges. Mitigating this risk requires prompt updates and implementation of security best practices such as proper security headers.

Affected Version(s)

WebSphere Application Server 9.0

WebSphere Application Server Liberty 17.0.0.3

WebSphere Application Server Liberty 22.0.0.2

References

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.