WebSphere Message Broker / IBM Integration Bus WEBUI does not set X-FRAME-OPTIONS
CVEID: CVE-2016-9010**
DESCRIPTION:** IBM WebSphere Message Broker could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119398 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
IBM Integration Bus V10 and V9
WebSphere Message Broker V8
Product
| VRMF|APAR|Remediation/Fix
—|—|—|—
IBM Integration Bus| V10
| IT14670 | The fix is available in Fix Pack 10.0.0.7
<https://www-304.ibm.com/support/docview.wss?uid=swg24043068>
IBM Integration Bus| V9
| IT14670 | The fix is available in Fix Pack 9.0.0.7
<http://www-01.ibm.com/support/docview.wss?uid=swg24043227>
WebSphere Message Broker
| V8
| IT14670 | The fix is available in Fix Pack 8.0.0.8
<https://www-304.ibm.com/support/docview.wss?uid=swg24042925>
For unsupported versions of the product, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
The planned maintenance release dates for WebSphere Message Broker and IBM Integration Bus are available at :
http://www.ibm.com/support/docview.wss?rs=849&uid=swg27006308
None known