Clickjacking Vulnerability in IBM License Metric Tool and Endpoint Manager for Software Use Analysis
CVE-2014-4778

Currently unrated

Key Information:

Vendor
IBM
Status
Endpoint Manager Family
License Metric Tool
Vendor
CVE Published:
25 May 2015

Summary

The IBM License Metric Tool and Endpoint Manager for Software Use Analysis are susceptible to clickjacking attacks due to the absence of the X-Frame-Options HTTP header in responses to login page requests. This omission allows remote attackers to embed the login interface in a FRAME element on their malicious site, tricking users into entering sensitive credentials unknowingly.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21701389
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.