A medium-severity clickjacking vulnerability has been found in the VIP Enterprise Gateway (EG) console.
Vulnerability Description:
The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions.
Note: This patch applies only to VIP EG v.9.8.4 (Windows/Linux). Upgrade existing installations to VIP EG 9.8.4 before proceeding, or upgrade to VIP EG 9.9.x or newer.
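The condition in the description can be checked against captured response headers. The following is an added example, not code from the vendor or the patch: it flags responses that carry neither an enforcing X-Frame-Options value nor a restrictive Content-Security-Policy 'frame-ancestors' directive. The paths, sample headers and function names are constructed for illustration, and the list of permissive sources is a simplification.

```python
PERMISSIVE = {"*", "http:", "https:"}  # sources that let any site frame the page

def csp_frame_ancestors(csp_value):
    """Return frame-ancestors source lists, one per policy in the header value."""
    found = []
    for policy in csp_value.split(","):          # a header may carry several policies
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                found.append([t.lower() for t in tokens[1:]])
                break  # a repeated directive within one policy is ignored
    return found

def framing_protection(headers):
    """Return the header that restricts framing, or None if the response has none."""
    for name, value in headers:
        lname = name.strip().lower()
        if lname == "content-security-policy":   # the Report-Only variant does not enforce
            for sources in csp_frame_ancestors(value):
                if not PERMISSIVE & set(sources):  # empty list behaves like 'none'
                    return "Content-Security-Policy frame-ancestors"
        elif lname == "x-frame-options":
            # ALLOW-FROM is obsolete and ignored by current browsers
            if value.strip().upper() in ("DENY", "SAMEORIGIN"):
                return "X-Frame-Options"
    return None

def unprotected(responses):
    """responses: {path: [(header, value), ...]}. Return paths lacking protection."""
    return sorted(p for p, h in responses.items() if framing_protection(h) is None)

# Constructed sample responses (paths and values are illustrative only).
SAMPLE = {
    "/login": [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")],
    "/settings": [("content-security-policy", "default-src 'self'; frame-ancestors 'none'")],
    "/status": [("Content-Type", "text/html")],
    "/report": [("Content-Security-Policy-Report-Only", "frame-ancestors 'self'")],
    "/legacy": [("X-Frame-Options", "ALLOW-FROM https://example.com")],
    "/open": [("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for path in unprotected(SAMPLE):
        print("no anti-framing header:", path)
```

Because the finding concerns all content responses, run the check over every response type the console serves (pages, error responses, redirects), not only the landing page.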