Clickjacking Vulnerability in IBM WebSphere Application Server
CVE-2021-39038

4.4MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server Liberty; Websphere Application Server
Vendor: CVE Published:; 24 February 2022

Summary

This vulnerability exposes IBM WebSphere Application Server and its Liberty variant to clickjacking attacks, where an attacker can trick users into unintentionally clicking on malicious links or buttons by directing them to a deceptive webpage. Successful exploitation can lead to various attacks aimed at the victim, enabling the attacker to perform unauthorized actions or gain additional privileges. Mitigating this risk requires prompt updates and implementation of security best practices such as proper security headers.

Affected Version(s)

WebSphere Application Server 9.0

WebSphere Application Server Liberty 17.0.0.3

WebSphere Application Server Liberty 22.0.0.2

References

https://www.ibm.com/support/pages/node/6559044

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/213968

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 24, 2022
Vulnerability Reserved
Aug 16, 2021