2 matches found
Security Bulletin: IBM License Metric Tool v9 and IBM Endpoint Manager for Software Use Analysis v9 vulnerable to CSRF attacks - CVE-2014-4774, CVE-2014-4778
Summary IBM License Metric Tool v9 and IBM Endpoint Manager for Software Use Analysis v9 are vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed...
CVE-2014-4778
CVE-2014-4778 concerns IBM License Metric Tool (LM Tool) v9 and IBM Endpoint Manager for Software Use Analysis v9. The issue: the login page response lacks the X-Frame-Options header, enabling clickjacking through framing of the login page. Connected IBM bulletin confirms this and provides remedi...