Vulnerability Name:

CVE-2019-4285 (CCN-160513)

Assigned:2019-07-25
Published:2019-07-25
Updated:2022-01-01
Summary:IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513.
CVSS v3 Severity:5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
5.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-1021
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2019-4285

Source: XF
Type: UNKNOWN
ibm-websphere-cve20194285-clickjacking(160513)

Source: XF
Type: VDB Entry, Vendor Advisory
ibm-websphere-cve20194285-clickjacking (160513)

Source: CCN
Type: IBM Security Bulletin 884064 (WebSphere Application Server)
Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center (CVE-2019-4285)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10884064

Source: CCN
Type: IBM Security Bulletin 1105575 (MQ)
IBM MQ Console is vulnerable to a Click-jacking attack. (CVE-2019-4285)

Source: CCN
Type: IBM Security Bulletin 961394 (Spectrum Control)
Clickjacking vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4285)

Source: CCN
Type: IBM Security Bulletin 961708 (WebSphere Application Server in Cloud)
Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center (CVE-2019-4285)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:websphere_application_server:-:*:*:*:liberty:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:*
  • AND
  • cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:websphere_mq:9.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.2.14:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.2.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.2.15.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.2.16:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.2.17.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.2.17.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:9.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:9.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:9.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.2.17.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.2.17.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:9.1.0.3:*:*:*:-:*:*:*
  • OR cpe:/a:ibm:websphere_mq:9.1.3:*:*:*:-:*:*:*

  • * Denotes that component is vulnerable
    ibm websphere application server -
    ibm websphere application server *
    ibm websphere application server in cloud *
    ibm websphere mq 9.1.0.0
    ibm spectrum control 5.2.13
    ibm spectrum control 5.2.14
    ibm spectrum control 5.2.15
    ibm spectrum control 5.2.15.2
    ibm spectrum control 5.2.16
    ibm spectrum control 5.2.17.0
    ibm spectrum control 5.2.17.2
    ibm spectrum control 5.3.0
    ibm websphere mq 9.1.0.1
    ibm websphere mq 9.1.1
    ibm websphere mq 9.1.0.2
    ibm websphere mq 9.1.2
    ibm spectrum control 5.2.17.2
    ibm spectrum control 5.2.17.3
    ibm spectrum control 5.3.1
    ibm spectrum control 5.3.2
    ibm spectrum control 5.3.3
    ibm websphere mq 9.1.0.3
    ibm websphere mq 9.1.3