exploitDog

CVE-2014-4776

Опубликовано: 20 мая 2015

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21713641
Patch
Vendor Advisory
http://www.securityfocus.com/bid/74437
http://www.securitytracker.com/id/1032256
http://www-01.ibm.com/support/docview.wss?uid=swg21713641
Patch
Vendor Advisory
http://www.securityfocus.com/bid/74437
http://www.securitytracker.com/id/1032256

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:license_metric_tool:9.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:license_metric_tool:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:license_metric_tool:9.1.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00195

Низкий

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-5x5v-qpmc-45vj

github

больше 3 лет назад

IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

EPSS

Процентиль: 41%

0.00195

Низкий

2.1 Low

CVSS2

Дефекты

CWE-200