CVE-2020-4785 — UI Misrepresentation / Clickjacking in IBM APP Connect Enterprise Certified Container

CWE-1021 — UI Misrepresentation / Clickjacking3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 75.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM APP Connect Enterprise Certified Container

Timeline

PublishedNov 3

Latest updateMay 24

Description

IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/app_connect_enterprise_certified_container5 versions+4

▶NVDibm/app_connect_enterprise_certified_container5 versions+4

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-cm92-597m-5xpc: IBM App Connect Enterprise Certified Container 1↗2022-05-24

▶

CVEList

CVE-2020-4785: IBM App Connect Enterprise Certified Container 1↗2020-11-03

▶