Clickjacking Vulnerability in IBM License Metric Tool and Endpoint Manager for Software Use Analysis
CVE-2014-4778
Currently unrated
Key Information:
- Vendor: IBM
- CVE Published: 25 May 2015
What is CVE-2014-4778?
The IBM License Metric Tool and Endpoint Manager for Software Use Analysis are susceptible to clickjacking attacks because responses to login page requests do not include the X-Frame-Options HTTP header. This omission allows remote attackers to embed the login interface in a FRAME element on a malicious site and trick users into entering their credentials without realizing it.
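The missing-header condition described above can be checked from a response's headers. The following is an added example, not code from IBM or from this advisory: the function names and the sample header sets are constructed for illustration, and it also covers the CSP frame-ancestors directive, which goes beyond the single header the advisory names.

```python
# Added example: audit response headers for anti-framing protection.
# Function names and the sample header sets are constructed for illustration.
VALID_XFO = {"DENY", "SAMEORIGIN"}

def frame_ancestors(headers):
    """Return one source list per enforcing CSP policy that sets frame-ancestors."""
    found = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue  # Report-Only policies are not enforced, so they are skipped
        for policy in value.split(","):
            for directive in policy.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    found.append([t.lower() for t in tokens[1:]])
                    break  # only the first occurrence in a policy counts
    return found

def allows_any_origin(sources):
    # '*', a bare scheme such as 'https:', or 'https://*' lets any site frame the page
    return any(s == "*" or s.endswith(":") or s.endswith("://*") for s in sources)

def framing_protection(headers):
    """headers: list of (name, value) pairs. Returns (protected, reason)."""
    policies = frame_ancestors(headers)
    if policies:
        # Browsers that see frame-ancestors ignore X-Frame-Options entirely.
        if any(not allows_any_origin(src) for src in policies):
            return (True, "csp frame-ancestors")
        return (False, "csp frame-ancestors allows any origin")
    xfo = {v.strip().upper() for n, val in headers
           if n.lower() == "x-frame-options" for v in val.split(",")}
    if xfo & VALID_XFO:
        return (True, "x-frame-options")
    if xfo:
        return (False, "x-frame-options value not honoured")
    return (False, "no anti-framing header")

# Constructed login-page responses
UNPROTECTED = [("Content-Type", "text/html")]
FIXED = [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")]
OVERRIDDEN = [("X-Frame-Options", "DENY"), ("Content-Security-Policy", "frame-ancestors *")]
```

The OVERRIDDEN case shows why a header audit should read both headers: a permissive frame-ancestors directive takes precedence over an otherwise correct X-Frame-Options value.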