Vulnerabilities > IBM > License Metric Tool > 9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-28 | CVE-2023-43044 | Path Traversal vulnerability in IBM License Metric Tool IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. | 7.5 |
| 2017-07-13 | CVE-2016-8964 | Information Exposure vulnerability in IBM Bigfix Inventory and License Metric Tool IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 5.0 |
| 2015-10-11 | CVE-2015-4929 | Information Exposure vulnerability in IBM License Metric Tool IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request. | 4.0 |
| 2015-05-25 | CVE-2014-8927 | Resource Management Errors vulnerability in IBM products Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926. | 5.0 |
| 2015-05-25 | CVE-2014-4778 | Improper Input Validation vulnerability in IBM Endpoint Manager Family and License Metric Tool IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element. | 4.3 |
| 2015-05-25 | CVE-2014-4774 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Endpoint Manager Family and License Metric Tool Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element. | 6.8 |
| 2015-05-20 | CVE-2014-4776 | Information Exposure vulnerability in IBM License Metric Tool 9.0/9.0.1/9.1.0.1 IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 2.1 |