CVE-2018-1853 — UI Misrepresentation / Clickjacking in IBM Spectrum Protect Backup-archive Client

CWE-1021 — UI Misrepresentation / Clickjacking3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 68.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Spectrum Protect Backup-archive Client IBM Spectrum Protect

Timeline

PublishedApr 8

Latest updateMay 13

Description

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDibm/spectrum_protect_backup-archive_client7.1.0.0 — 7.1.8.4+1

▶CVEListV5ibm/spectrum_protect7.1, 8.1+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-7r69-h68x-ph6g: IBM Tivoli Storage Manager (IBM Spectrum Protect 7↗2022-05-13

▶

CVEList

CVE-2018-1853: IBM Tivoli Storage Manager (IBM Spectrum Protect 7↗2019-04-08

▶