Clickjacking Vulnerability in IBM License Metric Tool and Endpoint Manager for Software Use Analysis
CVE-2014-4778

Currently unrated

Key Information:

Vendor: IBM
Status: Endpoint Manager Family; License Metric Tool
Vendor: CVE Published:; 25 May 2015

What is CVE-2014-4778?

The IBM License Metric Tool and Endpoint Manager for Software Use Analysis are susceptible to clickjacking attacks due to the absence of the X-Frame-Options HTTP header in responses to login page requests. This omission allows remote attackers to embed the login interface in a FRAME element on their malicious site, tricking users into entering sensitive credentials unknowingly.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21701389

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2015
Vulnerability Reserved
Jul 9, 2014