IBM Support

JR47055: FRAMEABLE RESPONSE (POTENTIAL CLICKJACKING)

Fixes are available

Download ISF roll-up 1 for InfoSphere Information Server Version 9.1.2
InfoSphere Information Server, Version 11.3 for Microsoft Windows
InfoSphere Information Server, Version 11.3 for AIX
InfoSphere Information Server, Version 11.3 for Linux
Download ISF roll-up 2 for InfoSphere Information Server Version 8.5.0.3
Download ISF roll-up 2 for InfoSphere Information Server Version 9.1.2
IBM InfoSphere Information Server Enterprise Edition V11.3 for Windows
Download ISF roll-up 3 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 4 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 5 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 7 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 8 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 4 for InfoSphere Information Server Version 8.5.0.3
Download ISF roll-up 11 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 12 for InfoSphere Information Server Version 9.1.2
Download ISF roll-up 1 for InfoSphere Information Server Version 8.7.0.2
Download ISF roll-up 10 for InfoSphere Information Server Version 9.1.2

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • It might be possible for a web page controlled by an
attacker to load the content of this response within
an iframe on the attacker's page. This may enable
a "clickjacking" attack, in which the attacker's page
overlays the target application's interface with a
different interface provided by the attacker. By
inducing victim users to perform actions such as
mouse clicks and keystrokes, the attacker can
cause them to unwittingly carry out actions within
the application that is being targeted. This
technique allows the attacker to circumvent
defenses against cross-site request forgery, and
may result in unauthorized actions.

CVE-2013-4066

Local fix

  • N/A

Problem summary

Problem conclusion

  • The recommended solution is to apply the fix as soon as
practical.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    JR47055
    • 

  • Reported component name
    WIS DATASTAGE
    • 

  • Reported component ID
    5724Q36DS
    • 

  • Reported release
    850
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2013-06-24
    • 

  • Closed date
    2013-11-29
    • 

  • Last modified date
    2013-11-29
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WIS DATASTAGE
    • 

  • Fixed component ID
    5724Q36DS
    • 



Applicable component levels


    

  • R850  PSY
       UP
    • 

  • R870  PSY
       UP
    • 

  • R912  PSY
       UP
    • 

  • R910  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSVSEF","label":"InfoSphere DataStage"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            12 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback