Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM498BF4337F9182CBF5A6A9B7FA247BE22B32ECA0FE761B3BD42727138995AC41
HistoryApr 19, 2022 - 8:39 p.m.

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

2022-04-1920:39:55
www.ibm.com
3
ibm
websphere
liberty
vulnerable
spoofing
clickjacking
security
swagger-ui
cve-2018-25031
cve-2021-46708

EPSS

0.004

Percentile

73.0%

JSON

Summary

IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) and Version(s) Affecting Product(s) and Version(s)

IBM WebSphere Hybrid Edition

  • 5.1
    |

IBM WebSphere Application Server Liberty

  • 21.0.0.12 - 22.0.0.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH44762 as described in Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708) .

Workarounds and Mitigations

None

Related

ibm 36
github 2
cvelist 2
cve 2
veracode 3
packetstorm 1
prion 2
nvd 2
osv 3
zdt 1
exploitdb 1
ubuntucve 1
vulnrichment 1
ibm
ibm
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
2022-10-07 16:01:56
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Process Manager and IBM Business Automation Workflow
2022-09-14 15:28:14
Security Bulletin: Rational Asset Analyzer is affected by two WebSphere Application Server vulnerabilities (CVE-2018-25031, CVE-2021-46708)
2022-05-05 16:56:12
github
github
Spoofing attack in swagger-ui-dist
2022-03-12 00:00:36
Spoofing attack in swagger-ui
2022-03-12 00:00:36
cvelist
cvelist
CVE-2021-46708
2022-03-11 06:47:56
CVE-2018-25031
2022-03-11 06:47:46
cve
cve
CVE-2021-46708
2022-03-11 07:15:07
CVE-2018-25031
2022-03-11 07:15:07
veracode
veracode
Clickjacking
2021-12-10 07:59:14
Clickjacking
2022-03-18 05:13:22
Spoofing Attack
2022-03-14 06:03:00
packetstorm
packetstorm
Swagger UI 4.1.3 Critical Information Misrepresentation
2023-04-20 00:00:00
prion
prion
Design/Logic Flaw
2022-03-11 07:15:00
Design/Logic Flaw
2022-03-11 07:15:00
nvd
nvd
CVE-2021-46708
2022-03-11 07:15:07
CVE-2018-25031
2022-03-11 07:15:07
osv
osv
Spoofing attack in swagger-ui-dist
2022-03-12 00:00:36
CVE-2018-25031
2022-03-11 07:15:07
Spoofing attack in swagger-ui
2022-03-12 00:00:36
zdt
zdt
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information Exploit
2023-04-20 00:00:00
exploitdb
exploitdb
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
2023-04-20 00:00:00
ubuntucve
ubuntucve
CVE-2018-25031
2022-03-11 00:00:00
vulnrichment
vulnrichment
CVE-2018-25031
2022-03-11 06:47:46

EPSS

0.004

Percentile

73.0%

JSON
Related for 498BF4337F9182CBF5A6A9B7FA247BE22B32ECA0FE761B3BD42727138995AC41
ibm36github2cvelist2cve2veracode3packetstorm1prion2nvd2osv3zdt1exploitdb1ubuntucve1vulnrichment1