Information disclosure in Ibm License_metric_tool

CVE-2014-4776

IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Vulnerability class: Information Disclosure

EPSS: 0.002 (41.3th percentile) — read the EPSS interpretation.

Affected products

Ibm License_metric_tool — versions 9.0, 9.0.1, 9.1.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

74437 (vdb-entry, x_refsource_BID)
psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
1032256 (vdb-entry, x_refsource_SECTRACK)