Improper input validation in Ibm Endpoint_manager_family

CVE-2014-4778

IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickj…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (44.5th percentile) — read the EPSS interpretation.

Affected products

Ibm Endpoint_manager_family — versions 9.0.1, 9.1.0
Ibm License_metric_tool — versions 9.0, 9.0.1, 9.1.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)