License Metric Tool@9.1.0.1 Security Vulnerabilities and Issues — License Metric Tool@9.1.0.1 CVE List

Lucene search

IbmLicense Metric Tool9.1.0.1

4 matches found

CVE•added 2015/05/25 2:59 p.m.•37 views

CVE-2014-4774

Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element.

6.8CVSS7.3AI score0.00103EPSS

CVE•added 2015/10/11 1:59 a.m.•36 views

CVE-2015-4929

IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request.

4CVSS5.9AI score0.0014EPSS

CVE•added 2015/05/25 2:59 p.m.•35 views

CVE-2014-4778

IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element.

4.3CVSS6.7AI score0.00218EPSS

CVE•added 2015/05/20 10:59 a.m.•31 views

CVE-2014-4776

IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

2.1CVSS6.8AI score0.00195EPSS