Vulnerabilities > IBM > License Metric Tool > 7.2.2

DATE CVE VULNERABILITY TITLE RISK
2023-09-28 CVE-2023-43044 Path Traversal vulnerability in IBM License Metric Tool
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
7.5
2015-05-25 CVE-2014-8927 Resource Management Errors vulnerability in IBM products
Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926.
network
low complexity
ibm CWE-399
5.0
5.0
2015-05-25 CVE-2014-8926 Resource Management Errors vulnerability in IBM products
Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927.
network
low complexity
ibm CWE-399
5.0
5.0
2015-05-20 CVE-2014-8924 XML External Entity Information Disclosure vulnerability in IBM products
The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm
6.4
6.4