Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM73441D85BBEBD7C906E96BE188B14C53D97473FFE172C076CDE185E0B04105B9
HistoryFeb 14, 2023 - 9:04 p.m.

Security Bulletin: A vulnerability (CVE-2021-39028) in WebSphere Application Server Liberty affects IBM CICS TX Advanced

2023-02-1421:04:36
www.ibm.com
5
vulnerability
websphere application server liberty
ibm cics tx advanced
remote attacker
hijack
click actions
fix
product version

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.1%

JSON

Summary

WebSphere Application Server Liberty is used by IBM CICS TX Advanced to provide a web based administration console and to provide web services support. The fix removes vulnerability CVE-2021-39038 that allows a remote attacker to hijack the clicking action of the victim.

Vulnerability Details

CVEID:CVE-2021-39038
**DESCRIPTION:**IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213968 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM CICS TX Advanced 10.1
IBM CICS TX Advanced 11.1

Remediation/Fixes

IBM strongly recommends that you apply the following fixes

Product

|

Version

|

Defect

|

Remediation / First Fix

—|—|—|—

IBM CICS TX Advanced

|

11.1

|

127740

|

Fix Central Link

IBM CICS TX Advanced

|

10.1

|

127740

| Fix Central Link

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcics_txMatch10.1
OR
ibmcics_txMatch11.1
CPENameOperatorVersion
cics txeq10.1
cics txeq11.1

Related

ibm 47
prion 2
cvelist 2
nvd 2
cve 2
nessus 2
ibm
ibm
Security Bulletin: A vulnerability (CVE-2021-39028) in WebSphere Application Server Liberty affects IBM CICS TX Standard
2023-02-14 21:14:53
Security Bulletin: A vulnerability (CVE-2021-39028) in WebSphere Application Server Liberty affects IBM TXSeries for Multiplatforms
2022-06-09 10:20:12
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2021-39038)
2022-04-11 11:55:16
prion
prion
Design/Logic Flaw
2022-02-24 17:15:00
Cross site scripting
2022-07-14 17:15:00
cvelist
cvelist
CVE-2021-39028
2022-07-13 00:00:00
CVE-2021-39038
2022-02-23 00:00:00
nvd
nvd
CVE-2021-39028
2022-07-14 17:15:08
CVE-2021-39038
2022-02-24 17:15:07
cve
cve
CVE-2021-39028
2022-07-14 17:15:08
CVE-2021-39038
2022-02-24 17:15:07
nessus
nessus
IBM WebSphere Application Server 9.x < 9.0.5.12 Clickjacking
2022-03-03 00:00:00
IBM WebSphere Application Server Liberty 17.0.0.3 < 22.0.0.3 Clickjacking (6559044)
2022-03-03 00:00:00

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.1%

JSON
Related for 73441D85BBEBD7C906E96BE188B14C53D97473FFE172C076CDE185E0B04105B9
ibm47prion2cvelist2nvd2cve2nessus2