Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-20560

Опубликовано: 26 июл. 2021
Источник: nvd
CVSS3: 5.4
CVSS3: 5.4
CVSS2: 4.9
EPSS Низкий

Описание

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_connect_direct_user_interface:1.5.0.2:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*

EPSS

Процентиль: 23%
0.00076
Низкий

5.4 Medium

CVSS3

5.4 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-1021

Связанные уязвимости

github логотип

GHSA-h77f-cchv-qq93

github
больше 3 лет назад

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 199229.

EPSS

Процентиль: 23%
0.00076
Низкий

5.4 Medium

CVSS3

5.4 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-1021