#VU60870 Spoofing attack in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - CVE-2021-39038

Published: February 25, 2022


Vulnerability identifier: #VU60870
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-39038
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
IBM WebSphere Application Server
IBM WebSphere Application Server Liberty
Software vendor:
IBM Corporation

Description

The vulnerability allows a remote attacker to perform a clickjacking attack.

The vulnerability exists due to incorrect processing of user-supplied data when REST API discovery is configured, either through the WebSphere administrative console Web Container settings to enable the API Discovery service, or through the IBM WebSphere Application Server Liberty features mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, apiDiscovery-1.0, openapi-3.0 or openapi-3.1. A remote attacker can perform a clickjacking attack.


Remediation

Install updates from the vendor's website.

External links