CVE-2020-15793

MEDIUM Year: 2020
CVSS v3 Score
5.4
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-1021
View all →

Vulnerability Description

A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker.

Related Vulnerabilities

CVE-2019-4285

MEDIUM
CVSS:5.4(Medium)

IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attack...

CWE-10212019

CVE-2020-2105

MEDIUM
CVSS:5.4(Medium)

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.

CWE-10212020

CVE-2020-4165

MEDIUM
CVSS:5.4(Medium)

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit th...

CWE-10212020

CVE-2020-4195

MEDIUM
CVSS:5.4(Medium)

IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could...

CWE-10212020

CVE-2020-4406

MEDIUM
CVSS:5.4(Medium)

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1...

CWE-10212020

CVE-2020-4547

MEDIUM
CVSS:5.4(Medium)

IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulne...

CWE-10212020