IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) and Version(s) | Affecting Product(s) and Version(s) |
---|
IBM WebSphere Hybrid Edition
IBM WebSphere Application Server Liberty
IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH44762 as described in Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708) .
None