Security Bulletin: A vulnerability (CVE-2021-39028) in WebSphere Application Server Liberty affects IBM CICS TX Standard

Summary

WebSphere Application Server Liberty is used by IBM CICS TX Standard to provide a web based administration console and to provide web services support. The fix removes vulnerability CVE-2021-39038 that allows a remote attacker to hijack the clicking action of the victim.

Vulnerability Details

CVEID:CVE-2021-39038
**DESCRIPTION:**IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213968 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

IBM strongly recommends you apply the following fix

Product

|

Version

|

Defect

|

Remediation / First Fix

—|—|—|—

IBM CICS TX Standard

|

11.1

|

127740

|

Fix Central Link: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix2&source=SAR

Workarounds and Mitigations

None