Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-10454

Summary
Assigner-INCIBE
Assigner Org ID-0cbda920-cd7f-484a-8e76-bf7f4b7f4516
Published At-31 Oct, 2024 | 12:54
Updated At-31 Oct, 2024 | 13:45
Rejected At-
Credits

Clickjacking vulnerability in Clibo Manager

Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login panel. This vulnerability occurs due to the absence of an X-Frame-Options server-side header. An attacker could overlay a transparent iframe to perform click hijacking on victims.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:INCIBE
Assigner Org ID:0cbda920-cd7f-484a-8e76-bf7f4b7f4516
Published At:31 Oct, 2024 | 12:54
Updated At:31 Oct, 2024 | 13:45
Rejected At:
▼CVE Numbering Authority (CNA)
Clickjacking vulnerability in Clibo Manager

Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login panel. This vulnerability occurs due to the absence of an X-Frame-Options server-side header. An attacker could overlay a transparent iframe to perform click hijacking on victims.

Affected Products
Vendor
Clibo Manager
Product
Clibo Manager
Default Status
unaffected
Versions
Affected
  • 1.1.9.12
Problem Types
TypeCWE IDDescription
CWECWE-1021CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Type: CWE
CWE ID: CWE-1021
Description: CWE-1021 Improper Restriction of Rendered UI Layers or Frames
Metrics
VersionBase scoreBase severityVector
3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

The vulnerability has been fixed by the Clibo Manager team in version 1.1.9.18.

Configurations
Workarounds
Exploits
Credits
finder
David Padilla Alvarado
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.incibe.es/en/incibe-cert/notices/aviso/clickjacking-vulnerability-clibo-manager
N/A
Hyperlink: https://www.incibe.es/en/incibe-cert/notices/aviso/clickjacking-vulnerability-clibo-manager
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve-coordination@incibe.es
Published At:31 Oct, 2024 | 13:15
Updated At:01 Nov, 2024 | 12:57

Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login panel. This vulnerability occurs due to the absence of an X-Frame-Options server-side header. An attacker could overlay a transparent iframe to perform click hijacking on victims.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-1021Primarycve-coordination@incibe.es
CWE ID: CWE-1021
Type: Primary
Source: cve-coordination@incibe.es
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.incibe.es/en/incibe-cert/notices/aviso/clickjacking-vulnerability-clibo-managercve-coordination@incibe.es
N/A
Hyperlink: https://www.incibe.es/en/incibe-cert/notices/aviso/clickjacking-vulnerability-clibo-manager
Source: cve-coordination@incibe.es
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

61Records found
CVE-2022-22503
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 15.37%
||
7 Day CHG~0.00%
Published-06 Oct, 2022 | 17:15
Updated-17 Sep, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automationrobotic_process_automation_as_a_serviceRobotic Process Automation
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2025-1494
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 6.82%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 16:45
Updated-26 Aug, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Command Center clickjacking

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Action-Not Available
Vendor-IBM Corporation
Product-Cognos Command Center
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2024-9397
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 41.56%
||
7 Day CHG~0.00%
Published-01 Oct, 2024 | 15:13
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2023-23343
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-2.4||LOW
EPSS-0.04% / 12.10%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 21:57
Updated-05 Dec, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix OSD Bare Metal Server version 311.12 or lower is affected by a clickjacking vulnerability.

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_osd_bare_metal_serverHCL BigFix OSD Bare Metal Server
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2023-1362
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-58.45% / 98.12%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restriction of Rendered UI Layers or Frames in unilogies/bumsys

Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2.

Action-Not Available
Vendor-bumsys_projectunilogies
Product-bumsysunilogies/bumsys
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2019-8771
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.26% / 48.97%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:47
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ossafariSafariiOS
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2023-36920
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 29.86%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:51
Updated-06 Sep, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clickjacking vulnerability in SAP Enable Now

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.

Action-Not Available
Vendor-SAP SE
Product-enable_now_enable_now_consump_delenable_now_wpb_manager_ceenable_now_wpb_manager_hanaenable_now_wpb_managerSAP Enable Now
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2022-36182
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 30.61%
||
7 Day CHG+0.01%
Published-27 Oct, 2022 | 00:00
Updated-07 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-boundaryn/a
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2021-27414
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.66%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-16 Apr, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User interface misrepresentation of critical information in Hitachi ABB Power Grids Ellipse EAM

An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.

Action-Not Available
Vendor-Hitachi Energy Ltd.Hitachi, Ltd.
Product-ellipse_enterprise_asset_managementEllipse Enterprise Asset Management (EAM)
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2021-21444
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.61%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 20:44
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.

Action-Not Available
Vendor-SAP SE
Product-businessobjects_business_intelligenceSAP Business Objects Business Intelligence Platform (CMC and BI Launchpad)
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2020-4727
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 40.04%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 17:00
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
  • Previous
  • 1
  • 2
  • Next
Details not found