CIT scanner component contains format string vulnerability in wscanhw executable and stack overflow vulnerability in wscansw executable.
Successful exploitation of the vulnerabilities allows for scanner process manipulation, and possibly crashing the process.
CVEID: CVE-2014-8927**
DESCRIPTION:** IBM License Metric Tool contains a disruption of service vulnerability. A remote user can issue a specially crafted XML query to increase CPU usage and cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99432 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVEID: CVE-2014-8926**
DESCRIPTION:** IBM License Metric Tool contains a disruption of service vulnerability. A remote user can issue a specially crafted XML query to increase CPU usage and cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99431 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
IBM License Metric Tool v9, v7.5, 7.2.2 IBM Endpoint Manger for Software Use Analysis v9 IBM Tivoli Asset Discovery for Distributed v7.5, v7.2.2
None