Medium Severity

IBM Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4285)

Share this post:

There is a potential clickjacking vulnerability in IBM WebSphere Application Server Liberty Admin Center which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center).

CVE(s): CVE-2019-4285

Affected product(s) and affected version(s):

Affected Product Affected Versions
IBM Spectrum Control 5.2.13 – 5.2.17.3
IBM Spectrum Control 5.3.0 – 5.3.3

The versions listed above apply to all licensed offerings of IBM Spectrum Control.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/961394
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160513

More stories

Security Bulletin: CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name

Aug 4, 2020 8:01 pm EDT | Medium Severity

CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name ...read more


Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java™ Technology Edition

Aug 4, 2020 8:00 pm EDT | Medium Severity

CVE-2019-2949 was disclosed in the Oracle October 2019 Critical Patch Update ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11.

Aug 4, 2020 8:00 pm EDT | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by IBM Integration Bus & IBM App Connect Enterprise v11. These issues were disclosed as part of the IBM Java SDK updates in April 2020. ...read more