A ClickJacking (also known as a “UI redress attack”) vulnerability has been discovered in IBM Security Network Protection.
CVE-ID: CVE-2014-6197
Description: A clickjacking vulnerability in IBM Security Network Protection could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim’s click actions or launch further attacks on the system.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/98609 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**Products:** IBM Security Network Protection (XGS) models 3100, 4100, 5100, 7100
Firmware versions: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2, 5.3
IBM has provided patches for versions 5.2 and 5.3. Follow the installation instructions in the README files included with the patch.
5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.2
http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0005&continue=1
5.3.0.0-ISS-XGS-All-Models-Hotfix-FP0001 for IBM Security Network Protection products at version 5.3
http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.3.0.0-ISS-XGS-All-Models-Hotfix-FP0001&continue=1
For the 5.1.x versions of Network Protection, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
None
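A defender-side check for use after applying a hotfix, added here as an example and not IBM's code: it classifies the anti-framing headers of an HTTP response. The advisory does not say which mechanism the fix uses; `X-Frame-Options` and CSP `frame-ancestors` are assumed as the standard clickjacking mitigations, and the function names and header sets are constructed for illustration.

```python
# Added example: classify a response's anti-framing (clickjacking) headers.
RANK = {"unprotected": 0, "allowlist": 1, "sameorigin": 2, "deny": 3}

def csp_frame_ancestors(csp_value):
    """Return one verdict per policy that carries a frame-ancestors directive."""
    verdicts = []
    for policy in csp_value.split(","):        # one header may carry several policies
        for directive in policy.split(";"):
            tokens = directive.split()
            if not tokens or tokens[0].lower() != "frame-ancestors":
                continue
            sources = [t.lower() for t in tokens[1:]]
            if not sources or sources == ["'none'"]:
                verdicts.append("deny")         # an empty source list matches nothing
            elif "*" in sources:
                verdicts.append("unprotected")  # wildcard permits arbitrary framing sites
            elif sources == ["'self'"]:
                verdicts.append("sameorigin")
            else:
                verdicts.append("allowlist")
            break                               # later duplicates in a policy are ignored
    return verdicts

def framing_policy(headers):
    """Classify headers as deny / sameorigin / allowlist / unprotected."""
    h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    verdicts = csp_frame_ancestors(h.get("content-security-policy", ""))
    if verdicts:
        # An enforced frame-ancestors makes browsers ignore X-Frame-Options.
        # Every policy must pass, so report the strictest one (an approximation).
        return max(verdicts, key=RANK.get)
    xfo = h.get("x-frame-options", "").strip().lower()
    # ALLOW-FROM is obsolete and not honoured by current browsers.
    return xfo if xfo in ("deny", "sameorigin") else "unprotected"

# Constructed sample header sets (not captured from an appliance).
SAMPLES = {
    "no headers": {"Content-Type": "text/html"},
    "xfo deny": {"X-Frame-Options": "DENY"},
    "xfo allow-from": {"X-Frame-Options": "ALLOW-FROM https://portal.example"},
    "csp self": {"content-security-policy": "default-src 'self'; frame-ancestors 'self'"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "csp wildcard + xfo": {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:20} {framing_policy(hdrs)}")
```

The last sample is the case worth noticing in a review: a permissive `frame-ancestors` silently cancels an otherwise strict `X-Frame-Options: DENY`.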