CVE-2014-4776

IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21713641	Patch Vendor Advisory
http://www.securityfocus.com/bid/74437
http://www.securitytracker.com/id/1032256
http://www-01.ibm.com/support/docview.wss?uid=swg21713641	Patch Vendor Advisory
http://www.securityfocus.com/bid/74437
http://www.securitytracker.com/id/1032256

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:license_metric_tool:9.0:::::::*
	cpe:2.3:a:ibm:license_metric_tool:9.0.1:::::::*
	cpe:2.3:a:ibm:license_metric_tool:9.1.0.1:::::::*

History

No history.

Information

Published : 2015-05-20 10:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-4776

Mitre link : CVE-2014-4776

CVE.ORG link : CVE-2014-4776

JSON object : View

Products Affected

ibm

license_metric_tool

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2014-4776", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-05-20T10:59:00.073", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21713641", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/74437", "source": "psirt@us.ibm.com"}, {"url": "http://www.securitytracker.com/id/1032256", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21713641", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/74437", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1032256", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."}, {"lang": "es", "value": "IBM License Metric Tool 9 anterior a 9.1.0.2 no tiene un atributar de apagar el autocompletado para los campos de autenticaci\u00f3n, lo que facilita a atacantes remotos obtener el acceso mediante el aprovechamiento de una estaci\u00f3n de trabajo desatendida."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:license_metric_tool:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87460E3D-45AB-40A2-8984-4726F2CE5124"}, {"criteria": "cpe:2.3:a:ibm:license_metric_tool:9.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40A6C16F-6CA8-4780-B5DE-2A118DA05AFC"}, {"criteria": "cpe:2.3:a:ibm:license_metric_tool:9.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8FCE6A5-476E-475A-89B9-E369830A4E76"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}