CVE-2024-30109

LOW Year: 2024
CVSS v3 Score
3.7
Low
Weakness Type
CWE-1021
View all →

Vulnerability Description

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.

Related Vulnerabilities

CVE-2023-0654

LOW
CVSS:3.7(Low)

Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on ...

CWE-10212023

CVE-2022-20226

LOW
CVSS:3.9(Low)

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges ne...

CWE-10212022

CVE-2023-0780

MEDIUM
CVSS:4.0(Medium)

Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.

CWE-10212023

CVE-2021-33596

MEDIUM
CVSS:4.1(Medium)

Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requir...

CWE-10212021

CVE-2021-0992

LOW
CVSS:3.3(Low)

In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no ...

CWE-10212021

CVE-2024-20810

LOW
CVSS:3.3(Low)

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.

CWE-10212024