Lucene search

IBM6B3918B3CB55F64A90B2F118D94DC924B3F5FD5F8FA239EECE6B3FC877B7CA19

HistoryJun 09, 2022 - 10:20 a.m.

Security Bulletin: A vulnerability (CVE-2021-39028) in WebSphere Application Server Liberty affects IBM TXSeries for Multiplatforms

2022-06-0910:20:12

www.ibm.com

ibm

websphere application server

liberty

txseries

multiplatforms

cve-2021-39038

vulnerability

remote attacker

hijack

clicking action

fix

8.2.0.0

8.2.0.1

8.2.0.2

9.1.0.0

9.1.0.2

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

28.9%

JSON

Summary

WebSphere Application Server Liberty is used by IBM TXSeries for Multiplatforms to provide a web based administration console and to provide web services support. The fix removes vulnerability CVE-2021-39038 that allows a remote attacker to hijack the clicking action of the victim.

Vulnerability Details

CVEID:CVE-2021-39038
**DESCRIPTION:**IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213968 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM TXSeries for Multiplatforms	8.2.0.0-8.2.0.2
IBM TXSeries for Multiplatforms	9.1.0.0-9.1.0.2

Remediation/Fixes

IBM strongly recommends you apply the following fixes

Product

Version

Defect

Remediation / First Fix

—|—|—|—

IBM TXSeries for Multiplatforms v9.1

9.1.0.0
9.1.0.2

127740

Fix Central Link : http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_91_SpecialFIX_Liberty_042022&source=SAR

IBM TXSeries for Multiplatforms v8.2

8.2.0.0
8.2.0.1
8.2.0.2

127740

Fix Central Link: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_82_SpecialFIX_Liberty_042022&source=SAR

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmtxseries_for_multiplatformsMatchany

VendorProductVersionCPE
ibmtxseries_for_multiplatformsanycpe:2.3:a:ibm:txseries_for_multiplatforms:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	txseries_for_multiplatforms	any	cpe:2.3:a:ibm:txseries_for_multiplatforms:any:::::::*

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

28.9%

JSON

Related for 6B3918B3CB55F64A90B2F118D94DC924B3F5FD5F8FA239EECE6B3FC877B7CA19