App Connect Enterprise Certified Container Dashboard is vulnerable to a clickjacking attack that may cause an information leak.
CVEID:CVE-2020-4785
**DESCRIPTION:**IBM App Connect Enterprise Certified Container could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189219 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
App Connect Enterprise Certified Container | 1.0.0 with Operator |
App Connect Enterprise Certified Container | 1.0.1 with Operator |
App Connect Enterprise Certified Container | 1.0.2 with Operator |
App Connect Enterprise Certified Container | 1.0.3 with Operator |
App Connect Enterprise Certified Container | 1.0.4 with Operator |
Upgrade to App Connect Enterprise Certified Container to Operator version 1.0.5 (available in CASE 1.0.6) or higher, and ensure that any Dashboard components are upgraded to 11.0.0.10-r2 or higher.
None