Japan
サイト内の現在位置
Web systems using iframes are vulnerable to clickjacking
Number:NV15-019
JVN:JVN#48135658
CVE:CVE-2024-6466
Overview
In a web system where another HTML document is loaded using an iframe after login authentication, if X-FRAME-OPTIONS is not specified, there is a vulnerability to clickjacking. This could allow an attacker to reset settings or reboot products.
Products Affected
WebSAM DeploymentManager
Affected Version
from v6.0 to v6.80
Solution
Please update.
Ver6.81
References
CVE-2024-6466
https://www.cve.org/CVERecord?id=CVE-2024-6466
JVN#48135658
https://jvn.jp/en/jp/JVN48135658/index.html
Update
- 2025/01/21
-
First edition