CSRF in Ibm Endpoint_manager_family

CVE-2014-4774

Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (27.8th percentile) — read the EPSS interpretation.

Affected products

Ibm Endpoint_manager_family — versions 9.0.1, 9.1.0
Ibm License_metric_tool — versions 9.0, 9.0.1, 9.1.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)