CVE-2014-4776

Published: May 20, 2015Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Affected (3)

Products: Ibm: License Metric Tool

Ibm

1 product

License Metric Tool

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm License Metric Tool	Version 9.0.1
Ibm License Metric Tool	Version 9.0
Ibm License Metric Tool	Version 9.1.0.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg21713641

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/74437

Source: psirt@us.ibm.com

http://www.securitytracker.com/id/1032256

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21713641

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/74437

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032256

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.