Aug 19, 2022 - 9:04 p.m.

Security Bulletin: Vulnerability in REST API affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-4929)

www.ibm.com
EPSS: 0.001 (percentile: 30.7%)

Summary

Vulnerability in REST API present in IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis allows for extraction of information.

Vulnerability Details

CVEID: CVE-2015-4929
DESCRIPTION: IBM License Metric Tool could allow an authenticated attacker to extract sensitive information due to incorrect handling of REST API requests.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104097 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Affected Products and Versions

IBM License Metric Tool v9

IBM Endpoint Manager for Software Use Analysis v9

Remediation/Fixes

Upgrade to version 9.2.1.0 or later:

  • In the IBM Endpoint Manager console, expand the IBM License Reporting or IBM BigFix Inventory node under the Sites node in the tree panel.
  • Click the Fixlets and Tasks node. The Fixlets and Tasks panel will be displayed on the right.
  • In the Fixlets and Tasks panel, locate the Upgrade to the newest version of License Metric Tool 9.x or Upgrade to the newest version of IBM BigFix Inventory 9.x fixlet and run it against the computer that hosts your IBM License Metric Tool or IBM Endpoint Manager for Software Use Analysis server.

Note: In an airgapped environment, you have to run BESAirgapTool and BESDownloadCacher first in order to update your site.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to [My Notifications](http://www-01.ibm.com/software/support/einfo.html) to be notified of important product support alerts like this.

References

Complete CVSS v2 Guide
On-line Calculator v2

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SS8JFY","label":"IBM License Metric Tool"},"Business Unit":{"code":"BU059","label":"IBM Software w/o TPS"},"Component":"–","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"9.0;9.0.1;9.1;9.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
