IBM Sterling External Authentication Server 184.108.40.206, 220.127.116.11, and 18.104.22.168 is vulnerable to path traversal because it does not properly validate REST API configuration data. An authorized user could import invalid data that could be used for an attack.
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 22.214.171.124 through 126.96.36.199 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
Refer to the IBM Security Bulletin for patch, upgrade, or suggested workaround information.