CVE-2024-49796UI Misrepresentation / Clickjacking in IBM Applinx

CWE-1021UI Misrepresentation / ClickjackingCWE-451User Interface (UI) Misrepresentation of Critical Information3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 84.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Applinx
Timeline
PublishedFeb 6

Description

IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5ibm/applinx11.1
NVDibm/applinx11.1.0

🔴Vulnerability Details

2
GHSA
GHSA-5f2r-hqc4-68xm: IBM ApplinX 112025-02-06
CVEList
IBM ApplinX Clickjacking2025-02-05
CVE-2024-49796 — UI Misrepresentation / Clickjacking | cvebase