CVE-2014-4774

2015-05-2514:59:00

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.002

Percentile

52.4%

JSON

Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element.

Affected configurations

Nvd

Node

ibmendpoint_manager_familyMatch9.0.1

ibmendpoint_manager_familyMatch9.1.0

ibmlicense_metric_toolMatch9.0

ibmlicense_metric_toolMatch9.0.1

ibmlicense_metric_toolMatch9.1.0.1

VendorProductVersionCPE
ibmendpoint_manager_family9.0.1cpe:2.3:a:ibm:endpoint_manager_family:9.0.1:*:*:*:*:*:*:*
ibmendpoint_manager_family9.1.0cpe:2.3:a:ibm:endpoint_manager_family:9.1.0:*:*:*:*:*:*:*
ibmlicense_metric_tool9.0cpe:2.3:a:ibm:license_metric_tool:9.0:*:*:*:*:*:*:*
ibmlicense_metric_tool9.0.1cpe:2.3:a:ibm:license_metric_tool:9.0.1:*:*:*:*:*:*:*
ibmlicense_metric_tool9.1.0.1cpe:2.3:a:ibm:license_metric_tool:9.1.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	endpoint_manager_family	9.0.1	cpe:2.3:a:ibm:endpoint_manager_family:9.0.1:::::::*
ibm	endpoint_manager_family	9.1.0	cpe:2.3:a:ibm:endpoint_manager_family:9.1.0:::::::*
ibm	license_metric_tool	9.0	cpe:2.3:a:ibm:license_metric_tool:9.0:::::::*
ibm	license_metric_tool	9.0.1	cpe:2.3:a:ibm:license_metric_tool:9.0.1:::::::*
ibm	license_metric_tool	9.1.0.1	cpe:2.3:a:ibm:license_metric_tool:9.1.0.1:::::::*