Information disclosure in Ibm License_metric_tool

CVE-2015-4929

IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request.

Vulnerability class: Information Disclosure

EPSS: 0.001 (33.9th percentile) — read the EPSS interpretation.

Affected products

Ibm License_metric_tool — versions 9.0, 9.0.1, 9.1.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

1033758 (vdb-entry, x_refsource_SECTRACK)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)