179 matches found
Western Digital My Cloud Multiple Products < 2.12.127 / 2.20 - 2.30 < 2.31.149 Multiple Vulnerabilities
Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.
Security Bulletin: IBM MQ Console is vulnerable to a Click-jacking attack. (CVE-2019-4285)
Summary The Liberty Admin Center, which is part of IBM WebSphere Liberty Profile used to host the IBM MQ Console, could allow a remote attacker to hijack the clicking action of the victim. Vulnerability Details CVEID: CVE-2019-4285 DESCRIPTION: IBM WebSphere Application Server - Liberty Admin...
Khan Academy: Khan Academy ClickJacking to Steal Users' Credentials
DESCRIPTION 1. It asks to log in to https://alerta.khanacademy.org with a Google account. 2. It doesn't give access to any normal user. 3. That's why, after trying to log in with a GOOGLE account, it shows an error message prompt with the user's sensitive information including email, code/access token and clie...
ADM Click Jack Vulnerability: X-Frame-Option/ Content-Security-Policy's frame ancestor entry missing
Vulnerability scanner detecting HTTP Click-Jacking vulnerability on the ADM management IP as the response from the ADM is missing the X-Frame-Options or the Content-Security-Policy’s frame ancestor option...
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities
Summary IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to multiple security vulnerabilities. There are multiple vulnerability fixes to open source libraries distributed with IGI, other less secure algorithms for crypto, XSS attacks and click...
Click Jacking
Samba is vulnerable to a click-jacking attack. The attack exists because the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame, allowing SWAT users or users with active session to trigger attack...
Security Bulletin: IBM Cloud Event Management is affected by a security vulnerability when using Microsoft Internet Explorer (CVE-2018-1365)
Summary IBM Cloud Event Management is affected by one or more security vulnerabilities. When using Internet Explorer, Cloud Event Management can be loaded into an iframe that is not part of the Cloud Event Management system. If you do not load Cloud Event Management directly, your session might ...
Security Bulletin: IBM Alert Notification is affected by a security vulnerability when using Microsoft Internet Explorer (CVE-2018-1365)
Summary IBM Alert Notification is affected by one or more security vulnerabilities. When using Internet Explorer, Alert Notification can be loaded into an iframe that is not part of the Alert Notification system. If you do not load Alert Notification directly, your session might be intercepted...
Security Bulletin: IBM Sterling B2B Integrator is affected by Click jacking vulnerability (CVE-2015-4992)
Summary A clickjacking (also known as a "UI redress attack") vulnerability has been discovered in IBM Sterling B2B Integrator. Vulnerability Details CVEID: CVE-2015-4992 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to hijack the clicking action of the...
CVE-2018-0355
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline...
Cross site scripting
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline...
CVE-2018-0355
Cisco CUCM Web UI is affected by a Cross-Frame Scripting (XFS) vulnerability due to insufficient iframe protections. An unauthenticated, remote attacker could lure a user to an attacker-controlled page containing a malicious iframe, enabling clickjacking or other client-side browser attacks on th...
Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline...
Design/Logic Flaw
A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames...
CVE-2018-0326
A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames...