vulnerability

IBM WebSphere Application Server: CVE-2021-46708: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	2022-03-11	2022-08-26	2022-08-26

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

2022-03-11

Added

2022-08-26

Modified

2022-08-26

Description

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Solution(s)

ibm-was-install-8-5-ph44762-libertyibm-was-upgrade-8-5-22-0-0-2-liberty

References

CVE-2021-46708
https://attackerkb.com/topics/CVE-2021-46708

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today