RLSA-2022:2008 Moderate: cockpit security, bug fix, and enhancement update
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. The following packages have been upgraded to a later upstream version: cockpit 264....
CentOS 8 : cockpit (CESA-2022:2008)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:2008 advisory. - cockpit: pages vulnerable to clickjacking CVE-2021-3660 - cockpit: authenticates with revoked certificates CVE-2021-3698 Note that Nessus has not...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager
Summary: IBM WebSphere Application Server is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the...
Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to a X-Frame-Options Header ClickJacking attack (CVE-2016-9719 )
Summary: IBM InfoSphere Master Data Management is vulnerable to an X-Frame-Options Header ClickJacking attack. A remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. Vulnerability Details: CVEID: CVE-2016-9719...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary: IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary: IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM WebSphere Application Server Patterns is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary: IBM WebSphere Application Server Liberty is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0,...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled as part of IBM Cloud Pak for Applications, are vulnerable to Clickjacking (CVE-2021-39038)
Summary: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled as part of IBM Cloud Pak for Applications, are vulnerable to Clickjacking (CVE-2021-39038). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected...
Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to spoofing and clickjacking attacks due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary: IBM WebSphere Application Server Liberty for IBM i contains swagger-ui, which is vulnerable to spoofing and clickjacking attacks as described in the vulnerability details section. IBM WebSphere Application Server Liberty for IBM i has addressed the vulnerabilities with a fix that upgrades...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled as part of IBM Websphere Hybrid Edition, are vulnerable to Clickjacking (CVE-2021-39038)
Summary: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled as part of IBM Websphere Hybrid Edition, are vulnerable to Clickjacking (CVE-2021-39038). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected...
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2021-23450, CVE-2021-39038)
Summary: IBM WebSphere Application Server (WAS) is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Vulnerabilities (CVE-2021-39038, CVE-2021-23450) in IBM WebSphere Application Server may impact IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology
Summary: IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology may integrate with IBM WebSphere Application Server (WAS). Please review the following WAS Bulletins (CVE-2021-39038, CVE-2021-23450) and take corrective actions. Vulnerability Details: Refer to the security bulleti...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary: There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty shipped with IBM WebSphere Application Server Patterns are vulnerable to Clickjacking (CVE-2021-39038)
Summary: IBM WebSphere Application Server is vulnerable to clickjacking when REST API discovery is configured through the WebSphere administrative console Web Container settings to enable the API Discovery service, or through IBM WebSphere Application Server Liberty features mpOpenAPI-1.0,...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2021-23450, CVE-2021-39038)
Summary: IBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearCase. Information about security vulnerabilities affecting WAS has been published in security bulletins. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...
Sylius has an unspecified vulnerability (CNVD-2022-22317)
Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. Sylius has a security vulnerability that stems from the possibility that an attacker-controlled page could load the website in an iframe. This would enable a clickjacking attack where an...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038)
Summary: IBM WebSphere Application Server is vulnerable to clickjacking when REST API discovery is configured through the WebSphere administrative console Web Container settings to enable the API Discovery service, or through IBM WebSphere Application Server Liberty features mpOpenAPI-1.0,...
Cockpit (and its plugins) does not seem to protect itself against clickjacking. It is possible to render a page from a Cockpit server via another website inside an <iframe> HTML element. This may be used by a malicious website in clickjacking or similar attacks. ...
Improper Restriction of Rendered UI Layers or Frames in Sylius
Impact: It is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. Patches: The issue is fixed in...
GHSA-4JP3-Q2QM-9FMW Improper Restriction of Rendered UI Layers or Frames in Sylius
Impact: It is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. Patches: The issue is fixed in...