There are issue with HTTP header ‘X-Frame-Options’ not present. IBM Sterling Connect:Direct Browser has addressed the applicable CVEs.
CVEID:CVE-2021-20560
**DESCRIPTION:**IBM Sterling Connect:Direct Browser User Interface could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199229 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
Sterling Connect:Direct Browser User Interface | 1.5.0.2 |
Sterling Connect:Direct Browser User Interface | 1.4.1.1 |
Apply 1.5.0.2 iFix-27, available in cumulative iFix028 on Fix Central
None
CPE | Name | Operator | Version |
---|---|---|---|
sterling connect:direct browser user interface | eq | 1.5.0.2 |