CVE-2014-4776

CWE-200Information Exposure3 documents3 sources
Severity
2.1LOW
EPSS
0.2%
top 58.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM License Metric Tool
Timeline
PublishedMay 20
Latest updateMay 17

Description

IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDibm/license_metric_tool9.0, 9.0.1, 9.1.0.1+2

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-5x5v-qpmc-45vj: IBM License Metric Tool 9 before 92022-05-17
CVEList
CVE-2014-4776: IBM License Metric Tool 9 before 92015-05-20
CVE-2014-4776 (LOW CVSS 2.1) | IBM License Metric Tool 9 before 9. | cvebase.io