Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
license metric tool vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2015-4929
IBM License Metric Tool 9 prior to 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 prior to 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request.
Ibm License Metric Tool 9.2.0
Ibm License Metric Tool 9.1.0.2
Ibm License Metric Tool 9.0
Ibm License Metric Tool 9.1.0.1
Ibm License Metric Tool 9.0.1
2.1
CVSSv2
CVE-2014-4776
IBM License Metric Tool 9 prior to 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ibm License Metric Tool 9.0
Ibm License Metric Tool 9.0.1
Ibm License Metric Tool 9.1.0.1
4.3
CVSSv2
CVE-2014-4778
IBM License Metric Tool 9 prior to 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 prior to 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote malicious users to conduct clickjacking attacks via vectors invo...
Ibm Endpoint Manager Family 9.0.1
Ibm License Metric Tool 9.0
Ibm License Metric Tool 9.0.1
Ibm License Metric Tool 9.1.0.1
Ibm Endpoint Manager Family 9.1.0
6.8
CVSSv2
CVE-2014-4774
Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 prior to 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 prior to 9.1.0.2 allows remote malicious users to hijack the authentication of arbitrary users via vectors involving a ...
Ibm License Metric Tool 9.0.1
Ibm Endpoint Manager Family 9.0.1
Ibm License Metric Tool 9.0
Ibm License Metric Tool 9.1.0.1
Ibm Endpoint Manager Family 9.1.0
NA
CVE-2023-43044
IBM License Metric Tool 9.2 could allow a remote malicious user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893.
Ibm License Metric Tool
5
CVSSv2
CVE-2014-8927
Common Inventory Technology (CIT) prior to 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote malicious users to cause a denial of service (CPU consumption or...
Ibm Endpoint Manager Family 9.0
Ibm Tivoli Asset Discovery For Distributed 7.5
Ibm License Metric Tool 7.2.2
Ibm License Metric Tool 7.5
Ibm License Metric Tool 9.0
Ibm Tivoli Asset Discovery For Distributed 7.2.2.0
5
CVSSv2
CVE-2014-8926
Common Inventory Technology (CIT) prior to 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote malicious users to cause a denial of service (CPU consumption or...
Ibm Endpoint Manager Family 9.0
Ibm Tivoli Asset Discovery For Distributed 7.5
Ibm License Metric Tool 7.2.2
Ibm License Metric Tool 7.5
Ibm License Metric Tool 9.0.1
Ibm Tivoli Asset Discovery For Distributed 7.2.2.0
5
CVSSv2
CVE-2016-8964
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote malicious user to brute force account credentials. IBM X-Force ID: 118853.
Ibm License Metric Tool
Ibm Bigfix Inventory
6.4
CVSSv2
CVE-2014-8924
The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote malicious users to read arbitrary files or send TCP requests to intranet servers via XML data containing an e...
Ibm License Metric Tool 7.2.2
Ibm License Metric Tool 7.5
Ibm Tivoli Asset Discovery For Distributed 7.2.2
Ibm Tivoli Asset Discovery For Distributed 7.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started