CVE-2021-3731 — UI Misrepresentation / Clickjacking in Ledgersmb

CWE-1021 — UI Misrepresentation / Clickjacking8 documents5 sources

Severity

4.7MEDIUMNVD

OSV9.6

EPSS

0.2%

top 63.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ledgersmb Ledgersmb Ledgersmb Debian Ledgersmb +1 more

Timeline

PublishedAug 23

Latest updateJul 17

Description

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶debiandebian/ledgersmb< ledgersmb 1.6.9+ds-2.1 (bookworm)

▶CVEListV5ledgersmb/ledgersmb_ledgersmbunspecified — 1.8.18

▶Debianledgersmb/ledgersmb< 1.6.9+ds-2+deb11u2+1

▶Ubuntuledgersmb/ledgersmb< 1.6.9+ds-1ubuntu0.1+5

▶NVDledgersmb/ledgersmb1.1.0 — 1.1.12+7

Also affects: Debian Linux 10.0, 11.0

🔴Vulnerability Details

OSV

ledgersmb vulnerabilities↗2025-07-17

▶

GHSA

GHSA-vj43-qmpm-3qqp: LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'↗2022-05-24

▶

OSV

ledgersmb vulnerabilities↗2021-09-30

▶

OSV

CVE-2021-3731: LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'↗2021-08-23

▶

📋Vendor Advisories

Ubuntu

LedgerSMB vulnerabilities↗2025-07-17

▶

Ubuntu

LedgerSMB vulnerabilities↗2021-09-30

▶

Debian

CVE-2021-3731: ledgersmb - LedgerSMB does not sufficiently guard against being wrapped by other sites, maki...↗2021

▶