CVSS3: 7.5 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

EPSS: 0.974 High (percentile 99.8%)
Vulnerabilities discovered in the Ruby on Rails component affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2.
**CVEID:** CVE-2015-7576
**DESCRIPTION:** Ruby on Rails could allow a remote attacker to obtain sensitive information, caused by a timing attack in the basic authentication support in Action Controller. An attacker could exploit this vulnerability to obtain the username and password.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110099 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
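The fix for the timing weakness above is to compare credentials in constant time instead of with plain string equality, which returns as soon as one byte differs. This is an added example and not code from IBM's bulletin or from Rails; it mirrors the digest-then-compare approach Rails adopted, and the header format and expected credentials are assumptions.

```ruby
require 'digest'

# Plain == stops at the first differing byte, so its running time leaks how
# long the matching prefix is. Kept only to show the pattern being replaced.
def naive_equal?(a, b)
  a == b
end

# Constant-time comparison: hash both inputs to a fixed length so the length
# difference is not observable, then XOR every byte and OR the results
# together without ever returning early. The trailing `a == b` only runs when
# the digests already match, so it does not reintroduce a timing signal.
def secure_compare(a, b)
  a_digest = Digest::SHA256.digest(a)
  b_digest = Digest::SHA256.digest(b)
  diff = 0
  a_digest.bytes.zip(b_digest.bytes) { |x, y| diff |= x ^ y }
  diff.zero? && a == b
end

# Check an HTTP Basic Authorization header value ("Basic <base64(user:pass)>")
# against the expected credentials (assumed values passed in by the caller).
def authenticate_basic(header, expected_user, expected_password)
  return false unless header.is_a?(String) && header.start_with?('Basic ')
  decoded = begin
    header.delete_prefix('Basic ').unpack1('m0') # strict base64 decode
  rescue ArgumentError
    return false
  end
  user, password = decoded.split(':', 2)
  return false if user.nil? || password.nil?
  # Evaluate both comparisons unconditionally so a wrong username does not
  # short-circuit the password check and reveal which half was wrong.
  user_ok = secure_compare(user, expected_user)
  pass_ok = secure_compare(password, expected_password)
  user_ok & pass_ok
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample header for a local run.
  header = "Basic #{['admin:s3cret'].pack('m0')}"
  puts authenticate_basic(header, 'admin', 's3cret')
end
```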
**CVEID:** CVE-2015-7577
**DESCRIPTION:** Ruby on Rails could allow a remote attacker to bypass security restrictions, caused by the improper handling of updates in combination with destroy flags when destroying records is disabled by the nested attributes feature in Active Record. An attacker could exploit this vulnerability to set attributes to invalid values.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110100 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
**CVEID:** CVE-2015-7581
**DESCRIPTION:** Ruby on Rails is vulnerable to a denial of service, caused by an object leak vulnerability for wildcard controllers in Action Pack. An attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110104 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** CVE-2016-0751
**DESCRIPTION:** Ruby on Rails is vulnerable to a denial of service, caused by an object leak in Action Pack. By sending a specially crafted Accept header, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110105 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** CVE-2016-0752
**DESCRIPTION:** Ruby on Rails could allow a remote attacker to obtain sensitive information, caused by an error in Action View. By sending a specially crafted request, an attacker could exploit this vulnerability to view portions of files on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110106 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** CVE-2016-0753
**DESCRIPTION:** Ruby on Rails could allow a remote attacker to bypass security restrictions, caused by an input validation flaw in Active Model. By sending specially crafted data, an attacker could exploit this vulnerability to bypass security restrictions.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110107 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
IBM License Metric Tool v9
IBM BigFix Inventory v9
IBM Endpoint Manager for Software Use Analysis v9 & v2.2
For v9, upgrade to version v9.2.4.0.
Use the following procedure:
Note: In an airgapped environment, you have to run BESAirgapTool and BESDownloadCacher first in order to update your site.
For v2.2, upgrade to IBM BigFix Inventory 9.
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm license metric tool | eq | 9.0 |
| | ibm license metric tool | eq | 9.0.1 |
| | ibm license metric tool | eq | 9.1 |
| | ibm license metric tool | eq | 9.2 |