3800 matches found

Imperva Blog
added 2018/08/28 4:46 p.m. · 62 views

Explainer Series: What is Clickjacking?

Here we go, another online trap ready to ensnare unsuspecting – well, until now anyway – users. As if Phishing, Cryptojacking, credential stuffing and old school scamming wasn’t enough, folks really just can’t catch a break these days. Anyway, we’re here to chat about clickjacking, for those of y...

0.5 AI score
Exploits: 0

CNVD
added 2018/08/23 12:0 a.m. · 2 views

IBM API Connect Clickjacking Vulnerability

IBM API Connect is a comprehensive end-to-end API lifecycle solution. A clickjacking vulnerability exists in IBM API Connect. A remote attacker can exploit this vulnerability by tricking a victim into visiting a malicious website to hijack the victim's click-through actions and potentially launch...

5.4 CVSS · 5.5 AI score · 0.00849 EPSS
Exploits: 0 · References: 1

Hacker One
added 2018/08/01 5:20 a.m. · 14 views

Shipt: Sensitive Clickjacking on admin login page.

A researcher identified that the 3rd party hosted login page for an externally-facing company tool is externally frameable and therefore potentially a vector for clickjacking...

1.4 AI score
Exploits: 0

Prion
added 2018/07/31 4:29 p.m. · 14 views

Design/Logic Flaw

NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface...

4.3 CVSS · 6.3 AI score · 0.01038 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2018/07/31 4:29 p.m. · 19 views

CVE-2017-13652

NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface...

6.5 CVSS · 6.4 AI score · 0.01038 EPSS
Exploits: 0 · References: 1

OSV
added 2018/07/31 4:29 p.m. · 2 views

CVE-2017-13652

NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface...

6.5 CVSS · 5.8 AI score · 0.01038 EPSS
Exploits: 0 · References: 1

CVE
added 2018/07/31 4:0 p.m. · 52 views

CVE-2017-13652

NetApp OnCommand Insight (affected: version 7.3.0 and versions prior to 7.2.0) is susceptible to clickjacking in its UI, which could cause a user to perform an unintended action. The description does not specify the underlying root cause or exact impact beyond this UI interaction risk, and no rem...

6.5 CVSS · 6.3 AI score · 0.01038 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2018/07/31 4:0 p.m. · 20 views

CVE-2017-13652

NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface...

6.4 AI score · 0.01038 EPSS
Exploits: 0 · References: 1

Hacker One
added 2018/07/29 1:1 p.m. · 60 views

WordPress: Account takeover vulnerability by editor role privileged users/attackers via clickjacking

Vulnerability - Editor role privileged users are able to hack into other's account by exploiting clickjacking vulnerability. Version- 4.9.7 Issue- https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/why-are-some-users-allowed-to-post-unfiltered-html As mentioned pe...

0.6 AI score
Exploits: 0

OSV
added 2018/07/27 6:29 p.m. · 4 views

CVE-2017-2658

It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a use...

6.5 CVSS · 5.9 AI score · 0.0148 EPSS
Exploits: 0 · References: 4

NVD
added 2018/07/27 6:29 p.m. · 35 views

CVE-2017-2658

It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a use...

6.5 CVSS · 4.6 AI score · 0.0148 EPSS
Exploits: 0 · References: 4

Prion
added 2018/07/27 6:29 p.m. · 19 views

Design/Logic Flaw

It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a use...

4.3 CVSS · 6.6 AI score · 0.0148 EPSS
Exploits: 0 · References: 4 · Affected Software: 2

Cvelist
added 2018/07/27 6:0 p.m. · 31 views

CVE-2017-2658

It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a use...

2.6 CVSS · 6.4 AI score · 0.0148 EPSS
Exploits: 0 · References: 4

CVE
added 2018/07/27 6:0 p.m. · 75 views

CVE-2017-2658

The CVE affects Red Hat JBoss BPM Suite <6.4.2 and JBoss Data Virtualization & Services

6.5 CVSS · 6.7 AI score · 0.0148 EPSS
Exploits: 0 · References: 4 · Affected Software: 2

Positive Technologies
added 2018/07/27 12:0 a.m. · 8 views

PT-2018-7163 · Red Hat · Red Hat Jboss Data Virtualization & Services +1

Name of the Vulnerable Software and Affected Versions: Red Hat JBoss BPM Suite versions prior to 6.4.2; Red Hat JBoss Data Virtualization & Services versions prior to 6.4.3. Description: A security issue was found in the Dashbuilder login page, which could be opened in an IFRAME. This allowed for t...

6.5 CVSS · 5.3 AI score · 0.0148 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2018/07/23 7:28 p.m. · 3 views

Dashbuilder: Lack of clickjacking protection on the login page

It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...

6.5 CVSS · 5.9 AI score · 0.0148 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2018/07/23 7:28 p.m. · 85 views

Low: Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.4 Update 3 security update

An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

6.5 CVSS · 6.5 AI score · 0.0148 EPSS
Exploits: 0 · References: 4

IBM Security Bulletins
added 2018/07/10 8:34 a.m. · 16 views

Security Bulletin: Rational ClearCase and ClearQuest Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Summary: Java API Documentation contains a frame injection vulnerability. Vulnerability Details: CVEID: CVE-2013-1571...

4.3 CVSS · 0.5 AI score · 0.66817 EPSS
Exploits: 1 · Affected Software: 2

OSV
added 2018/07/02 4:29 p.m. · 5 views

CVE-2018-12576

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking...

4.3 CVSS · 5.8 AI score · 0.00698 EPSS
Exploits: 0 · References: 1

Prion
added 2018/07/02 4:29 p.m. · 17 views

Security feature bypass

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking...

4.3 CVSS · 4.9 AI score · 0.00698 EPSS
Exploits: 0 · References: 1 · Affected Software: 1