Vulnerability Description
IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | License Metric Tool | 9.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21713641PatchVendor Advisory
- http://www.securityfocus.com/bid/74437
- http://www.securitytracker.com/id/1032256
- http://www-01.ibm.com/support/docview.wss?uid=swg21713641PatchVendor Advisory
- http://www.securityfocus.com/bid/74437
- http://www.securitytracker.com/id/1032256
FAQ
What is CVE-2014-4776?
CVE-2014-4776 is a vulnerability with a CVSS score of 2.1 (LOW). IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended ...
How severe is CVE-2014-4776?
CVE-2014-4776 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4776?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm License Metric Tool.