3 matches found
Security Bulletin: IBM License Metric Tool v9 and IBM Endpoint Manager for Software Use Analysis v9 vulnerable to CSRF attacks - CVE-2014-4774, CVE-2014-4778
Summary IBM License Metric Tool v9 and IBM Endpoint Manager for Software Use Analysis v9 are vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed...
CVE-2014-4774
Cross-site request forgery CSRF vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element...
CVE-2014-4774
CVE-2014-4774 affects IBM License Metric Tool (LM Tool) v9 and IBM Endpoint Manager for Software Use Analysis v9. The login page is vulnerable to CSRF via framing (FRAME) that can hijack user authentication for affected versions before 9.1.0.2. IBM’s security bulletin and related entries confirm ...