Ibm License_metric_tool
15 CVEs affecting Ibm License_metric_tool. Latest disclosed: 2017-07-13. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-8964 | Critical | 9.8 | 2017-07-13 | IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 1… |
CVE-2016-8980 | High | 8.1 | 2017-02-01 | IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacke… |
CVE-2016-8961 | Medium | 6.1 | 2017-02-01 | IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-c… |
CVE-2016-8966 | Medium | 5.9 | 2017-02-01 | IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security… |
CVE-2016-8963 | Medium | 5.5 | 2017-02-01 | IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user. |
CVE-2016-8967 | Medium | 5.5 | 2017-02-01 | IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user. |
CVE-2016-8981 | Medium | 5.5 | 2017-02-01 | IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. |
CVE-2016-8977 | Medium | 5.3 | 2017-02-01 | IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further a… |
CVE-2015-4929 | | 2015-10-11 | IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended ac… | |
CVE-2014-8927 | | 2015-05-25 | Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset… | |
CVE-2014-8926 | | 2015-05-25 | Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset… | |
CVE-2014-4778 | | 2015-05-25 | IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response… | |
CVE-2014-4774 | | 2015-05-25 | Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9… | |
CVE-2014-8924 | | 2015-05-20 | The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 al… | |
CVE-2014-4776 | | 2015-05-20 | IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to o… |