Vulnerabilities > Improper Restriction of Rendered UI Layers or Frames
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-06 | CVE-2019-4217 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Information Queue 1.0.0/1.0.1/1.0.2 IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
| 2019-05-28 | CVE-2019-7393 | Improper Restriction of Rendered UI Layers or Frames vulnerability in CA Risk Authentication and Strong Authentication A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. | 4.3 |
| 2019-05-20 | CVE-2019-4058 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Bigfix Platform IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. | 6.5 |
| 2019-04-08 | CVE-2018-1853 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Spectrum Protect Backup-Archive Client IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
| 2019-02-28 | CVE-2018-18496 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. | 8.8 |
| 2019-02-19 | CVE-2019-5767 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. | 6.5 |
| 2019-01-09 | CVE-2018-16172 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cybozu Remote Service Manager Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate. | 6.5 |
| 2019-01-09 | CVE-2018-6178 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension. | 4.3 |
| 2018-12-19 | CVE-2018-17192 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Apache Nifi The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. | 6.5 |
| 2018-12-13 | CVE-2018-1803 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Access Manager IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |