Description
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83128
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21636369
Scores
EPSS
0.0080
EPSS Percentile
52.2%
Details
CWE
CWE-20
Status
published
Products (7)
ibm/sterling_secure_proxy
3.2.0.0
ibm/sterling_secure_proxy
3.3.0.1
ibm/sterling_secure_proxy
3.4.0.0
ibm/sterling_secure_proxy
3.4.1.0
ibm/sterling_secure_proxy
3.4.1.2
ibm/sterling_secure_proxy
3.4.1.5
ibm/sterling_secure_proxy
3.4.1.6
Published
May 10, 2013
Tracked Since
Feb 18, 2026