PT-2015-3774 · Ibm · Ibm Endpoint Manager For Software Use Analysis+1

Publicado

2015-05-25

·

Atualizado

2015-05-26

·

CVE-2014-4774

CVSS v2.0

6.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions IBM License Metric Tool versions prior to 9.1.0.2 IBM Endpoint Manager for Software Use Analysis versions prior to 9.1.0.2
Description A cross-site request forgery (CSRF) issue exists in the login page, allowing remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element.
Recommendations For IBM License Metric Tool versions prior to 9.1.0.2, update to version 9.1.0.2 or later to resolve the issue. For IBM Endpoint Manager for Software Use Analysis versions prior to 9.1.0.2, update to version 9.1.0.2 or later to resolve the issue.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2014-4774

Produtos afetados

Ibm Endpoint Manager For Software Use Analysis
Ibm License Metric Tool