Lucene search
IbmCVE-2014-4778HistoryMay 25, 2015 - 2:59 p.m.
CVE-2014-4778
2015-05-2514:59:02
CWE-20
ibm
web.nvd.nist.gov
23
cve-2014-4778
ibm
license metric tool
endpoint manager
software use analysis
clickjacking
vulnerability
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.002
Percentile
52.4%
IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element.
Affected configurations
Node
ibmendpoint_manager_familyMatch9.0.1
ORibmendpoint_manager_familyMatch9.1.0
ORibmlicense_metric_toolMatch9.0
ORibmlicense_metric_toolMatch9.0.1
ORibmlicense_metric_toolMatch9.1.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | endpoint_manager_family | 9.0.1 | cpe:2.3:a:ibm:endpoint_manager_family:9.0.1:*:*:*:*:*:*:* |
| ibm | endpoint_manager_family | 9.1.0 | cpe:2.3:a:ibm:endpoint_manager_family:9.1.0:*:*:*:*:*:*:* |
| ibm | license_metric_tool | 9.0 | cpe:2.3:a:ibm:license_metric_tool:9.0:*:*:*:*:*:*:* |
| ibm | license_metric_tool | 9.0.1 | cpe:2.3:a:ibm:license_metric_tool:9.0.1:*:*:*:*:*:*:* |
| ibm | license_metric_tool | 9.1.0.1 | cpe:2.3:a:ibm:license_metric_tool:9.1.0.1:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2015-05-25 14:59:00
nvd
nvd
CVE-2014-4778
2015-05-25 14:59:02
cvelist
cvelist
CVE-2014-4778
2015-05-25 14:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.002
Percentile
52.4%
Related for CVE-2014-4778