PT-2015-3776 · Ibm · Ibm Endpoint Manager For Software Use Analysis+1

Publicado

2015-05-25

·

Atualizado

2015-05-26

·

CVE-2014-4778

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions IBM License Metric Tool versions 9.0.0 through 9.1.0.1 IBM Endpoint Manager for Software Use Analysis versions 9.0.0 through 9.1.0.1
Description The issue allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element, as the login page does not send an X-Frame-Options HTTP header in response to requests.
Recommendations For IBM License Metric Tool versions 9.0.0 through 9.1.0.1, update to version 9.1.0.2 or later. For IBM Endpoint Manager for Software Use Analysis versions 9.0.0 through 9.1.0.1, update to version 9.1.0.2 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2014-4778

Produtos afetados

Ibm Endpoint Manager For Software Use Analysis
Ibm License Metric Tool