Clickjacking Vulnerability in IBM WebSphere Application Server
CVE-2021-39038
4.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 24 February 2022
Summary
This vulnerability exposes IBM WebSphere Application Server and its Liberty variant to clickjacking attacks, where an attacker can trick users into unintentionally clicking on malicious links or buttons by directing them to a deceptive webpage. Successful exploitation can lead to various attacks aimed at the victim, enabling the attacker to perform unauthorized actions or gain additional privileges. Mitigating this risk requires prompt updates and implementation of security best practices such as proper security headers.
Affected Version(s)
WebSphere Application Server 9.0
WebSphere Application Server Liberty 17.0.0.3
WebSphere Application Server Liberty 22.0.0.2
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved