CVE-2014-4778

Severity
4.3 MEDIUM
EPSS
0.2%
top 55.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 25
Latest update: May 17

Description

IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 2 packages

NVD | ibm/license_metric_tool | 9.0, 9.0.1, 9.1.0.1 +2
NVD | ibm/endpoint_manager_family | 9.0.1, 9.1.0 +1

Vulnerability Details (2)

GHSA
GHSA-869p-rj24-pjcc: IBM License Metric Tool 9 before 9 | 2022-05-17
CVEList
CVE-2014-4778: IBM License Metric Tool 9 before 9 | 2015-05-25
CVE-2014-4778 (MEDIUM CVSS 4.3) | IBM License Metric Tool 9 before 9. | cvebase.io