1.5.0.2

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

ibm

CWE-1021

NVD

Published: 2021-07-26

Updated: 2021-08-04

Summary

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Sterling Connect Direct User Interface 1.4.1.1 IBM Sterling Connect Direct User Interface 1.5.0.2	2
OS	Hp HP HP UX -	1
OS	Ibm IBM AIX -	1
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1
OS	Oracle Oracle Solaris -	1

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References