CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
28.9%
WebSphere Application Server Liberty is used by IBM TXSeries for Multiplatforms to provide a web based administration console and to provide web services support. The fix removes vulnerability CVE-2021-39038 that allows a remote attacker to hijack the clicking action of the victim.
CVEID:CVE-2021-39038
**DESCRIPTION:**IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213968 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM TXSeries for Multiplatforms | 8.2.0.0-8.2.0.2 |
IBM TXSeries for Multiplatforms | 9.1.0.0-9.1.0.2 |
IBM strongly recommends you apply the following fixes
Product
|
Version
|
Defect
|
Remediation / First Fix
—|—|—|—
IBM TXSeries for Multiplatforms v9.1
|
9.1.0.0
9.1.0.2
|
127740
|
Fix Central Link : http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_91_SpecialFIX_Liberty_042022&source=SAR
IBM TXSeries for Multiplatforms v8.2
|
8.2.0.0
8.2.0.1
8.2.0.2
|
127740
|
Fix Central Link: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_82_SpecialFIX_Liberty_042022&source=SAR
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | txseries_for_multiplatforms | any | cpe:2.3:a:ibm:txseries_for_multiplatforms:any:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
28.9%