Security Bulletin: App Connect Enterprise Certified Container Dashboard is vulnerable to clickjacking (CVE-2020-4785)

2020-11-0213:11:20

www.ibm.com

0.001 Low

EPSS

Percentile

28.9%

JSON

Summary

App Connect Enterprise Certified Container Dashboard is vulnerable to a clickjacking attack that may cause an information leak.

Vulnerability Details

CVEID:CVE-2020-4785
**DESCRIPTION:**IBM App Connect Enterprise Certified Container could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189219 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
App Connect Enterprise Certified Container	1.0.0 with Operator
App Connect Enterprise Certified Container	1.0.1 with Operator
App Connect Enterprise Certified Container	1.0.2 with Operator
App Connect Enterprise Certified Container	1.0.3 with Operator
App Connect Enterprise Certified Container	1.0.4 with Operator

Remediation/Fixes

Upgrade to App Connect Enterprise Certified Container to Operator version 1.0.5 (available in CASE 1.0.6) or higher, and ensure that any Dashboard components are upgraded to 11.0.0.10-r2 or higher.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm app connect enterpriseeq1.0.0
ibm app connect enterpriseeq1.0.1
ibm app connect enterpriseeq1.0.2
ibm app connect enterpriseeq1.0.3
ibm app connect enterpriseeq1.0.4

Name	Operator	Version
ibm app connect enterprise	eq	1.0.0
ibm app connect enterprise	eq	1.0.1
ibm app connect enterprise	eq	1.0.2
ibm app connect enterprise	eq	1.0.3
ibm app connect enterprise	eq	1.0.4

0.001 Low

EPSS

Percentile

28.9%

JSON

Related for 793F72097600A2CB8BBEED2DC5F34986BAC8E22977E4F4491CB95D6FDFFAE866