Clickjacking Vulnerability in IBM License Metric Tool and Endpoint Manager for Software Use Analysis
CVE-2014-4778
Currently unrated
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 25 May 2015
Summary
The IBM License Metric Tool and Endpoint Manager for Software Use Analysis are susceptible to clickjacking attacks due to the absence of the X-Frame-Options HTTP header in responses to login page requests. This omission allows remote attackers to embed the login interface in a FRAME element on their malicious site, tricking users into entering sensitive credentials unknowingly.
References
Timeline
Vulnerability published
Vulnerability Reserved