IBM WebSphere Application Server is vulnerable to clickjacking when
REST API discovery is configured through the WebSphere
administrative console Web Container settings to enable the API
Discovery service, or through IBM WebSphere Application Server
Liberty features mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0,
apiDiscovery-1.0, openapi-3.0 or openapi-3.1.This has been
addressed. CVEID: CVE-2021-39038[1] DESCRIPTION: IBM WebSphere Application
Server could allow a remote attacker to hijack the clicking action
of the...