Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

UAA - Login app subject to clickjacking attack

Disclosure Date: July 18, 2019 (last updated November 27, 2024)
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0