vulnerability

IBM WebSphere Application Server: CVE-2019-4285: Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center (CVE-2019-4285)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Jul 30, 2019	Sep 11, 2019	Mar 27, 2026

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Jul 30, 2019

Added

Sep 11, 2019

Modified

Mar 27, 2026

Description

IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513.

Solutions

ibm-was-install-8-5-ph13994-libertyibm-was-upgrade-8-5-19-0-0-7-liberty

References

CVE-2019-4285
https://attackerkb.com/topics/CVE-2019-4285
CWE-1021
EUVD-EUVD-2019-13892
IBM-ibm10884064
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-13892
https://exchange.xforce.ibmcloud.com/vulnerabilities/160513
https://www.ibm.com/support/docview.wss?uid=ibm10884064

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report