The IBM Security Information Queue (ISIQ) web application is vulnerable to a clickjacking attack in which an untrusted page could get embedded into another frame or object. As of v1.0.3, the ISIQ web server disallows browsers from embedding content.
CVEID: CVE-2019-4217
DESCRIPTION: IBM Security Information Queue (ISIQ) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159226> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
IBM Security Information Queue v1.0.0, v1.0.1, and v1.0.2
Download and install the latest IBM Security Information Queue images (tagged at 1.0.3 or greater) from the Docker Hub repository, "ibmcorp/security_information_queue":
<https://cloud.docker.com/u/ibmcorp/repository/docker/ibmcorp/security_information_queue>
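After upgrading, the statement that the web server disallows embedding can be checked from its response headers. The following is an added example, not IBM's code: it assumes the server uses the standard X-Frame-Options and/or Content-Security-Policy frame-ancestors mechanisms (the bulletin does not say which), and the sample headers are constructed.

```python
# Added example (not IBM's code): classify a response's anti-framing headers.
# Assumption: the server relies on the standard X-Frame-Options and/or CSP
# frame-ancestors mechanisms; the bulletin does not say which one ISIQ uses.

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_policy(headers):
    """headers: (name, value) pairs. Returns 'deny', 'same-origin',
    'restricted' or 'unprotected'."""
    csp, xfo = [], set()
    for name, value in headers:
        if name.lower() == "content-security-policy":
            # One header may carry several comma-separated policies.
            for policy in value.split(","):
                sources = frame_ancestors(policy)
                if sources is not None:
                    csp.append(sources)
        elif name.lower() == "x-frame-options":
            xfo.update(v.strip().lower() for v in value.split(",") if v.strip())
    if csp:
        # An enforced frame-ancestors makes browsers ignore X-Frame-Options.
        effective = [s for s in csp if "*" not in s]
        if not effective:
            return "unprotected"
        if any(s in ([], ["'none'"]) for s in effective):
            return "deny"
        if any(s == ["'self'"] for s in effective):
            return "same-origin"
        return "restricted"
    if "deny" in xfo or (len(xfo) > 1 and xfo & {"sameorigin", "allowall"}):
        return "deny"  # conflicting values are treated as a block
    if xfo == {"sameorigin"}:
        return "same-origin"
    return "unprotected"  # absent, invalid, or obsolete ALLOW-FROM

# Constructed sample responses, not captured from an ISIQ server.
SAMPLES = {
    "no headers": [("Content-Type", "text/html")],
    "xfo deny": [("X-Frame-Options", "DENY")],
    "csp none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {framing_policy(hdrs)}")
```

A result of "unprotected" for a 1.0.3 or later deployment suggests that a proxy or load balancer in front of the container is stripping or overriding the headers.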