Authors: Created by IBM


IBM WebSphere Application Server is vulnerable to clickjacking when REST API discovery is configured through the WebSphere administrative console Web Container settings to enable the API Discovery service, or through IBM WebSphere Application Server Liberty features mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, apiDiscovery-1.0, openapi-3.0 or openapi-3.1. This has been addressed.
CVEID: CVE-2021-39038[1]
DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to hijack the clicking action of the...
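
To find Liberty servers that enable any of the features listed above, the following added example (not IBM's code) reads a server.xml and reports the listed features it declares. The function name audit_server_xml and the sample configuration are constructed for illustration; it assumes features are declared in <featureManager><feature> elements and does not follow <include> files.

```python
import xml.etree.ElementTree as ET

# Liberty feature names listed in the bulletin text above (lower-cased).
AFFECTED = {
    "mpopenapi-1.0", "mpopenapi-1.1", "mpopenapi-2.0",
    "apidiscovery-1.0", "openapi-3.0", "openapi-3.1",
}


def audit_server_xml(xml_text):
    """Return (listed_features, include_locations) for one server.xml.

    Features are read from every <featureManager> element. <include>
    files are not followed; their locations are returned so that they
    can be audited separately.
    """
    root = ET.fromstring(xml_text)
    hits = []
    for feature in root.iterfind("featureManager/feature"):
        name = (feature.text or "").strip()
        # Compared case-insensitively so differently cased spellings match.
        if name.lower() in AFFECTED and name not in hits:
            hits.append(name)
    includes = [inc.get("location", "") for inc in root.iter("include")]
    return hits, includes


# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """<server description="constructed sample">
  <featureManager>
    <feature>servlet-4.0</feature>
    <feature>mpOpenAPI-1.1</feature>
    <feature>jaxrs-2.1</feature>
  </featureManager>
  <include location="${shared.config.dir}/extra-features.xml"/>
</server>"""

if __name__ == "__main__":
    features, includes = audit_server_xml(SAMPLE)
    print("bulletin-listed features enabled:", features or "none")
    print("includes not followed:", includes or "none")
```

A feature that is enabled only indirectly, through another feature or an included file, is not seen by this check, so an empty result for one file does not clear the whole server.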
