Cross-Site Request Forgery Vulnerability in IBM License Metric Tool and Endpoint Manager
CVE-2014-4774

Currently unrated

Key Information:

Vendor: IBM
Status: Endpoint Manager Family; License Metric Tool
Vendor: CVE Published:; 25 May 2015

What is CVE-2014-4774?

A Cross-site request forgery vulnerability exists in the login interface of IBM License Metric Tool and Endpoint Manager for Software Use Analysis, prior to version 9.1.0.2. This flaw enables remote attackers to exploit the authentication process, potentially allowing unauthorized access by leveraging the FRAME element in the request. Users need to be aware of this security issue to safeguard their accounts and systems from potential attacks.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21701389

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2015
Vulnerability Reserved
Jul 9, 2014