CVE-2023-42011

CWE-1021 — Clickjacking3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 83.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling B2B Integrator Standard Edition IBM Sterling B2B Integrator

Timeline

PublishedJun 27

Description

IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. IBM X-Force ID: 265508.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/sterling_b2b_integrator_standard_edition6.1, 6.2

▶NVDibm/sterling_b2b_integrator6.1, 6.2+1

🔴Vulnerability Details

CVEList

IBM Sterling B2B Integrator Standard Edition tapjacking↗2024-06-27

▶

GHSA

GHSA-74q4-h5rc-c98x: IBM Sterling B2B Integrator Standard Edition 6↗2024-06-27

▶