Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9

Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate...

Security Bulletin: A vulnerability in Java affects IBM License Metric Tool v9 (CVE-2026-1188).

Summary A vulnerability in Java component used by IBM License Metric Tool have been remediated. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was...

Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM License Metric Tool

Summary There is a vulnerability in the WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by...

CVE-2023-43044

IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 266893...

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.

Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules,...

EUVD-2014-8754

Malware in sbrugna...

EUVD-2014-8753

Malware in sbrugna...

EUVD-2014-4695

Malware in sbrugna...

EUVD-2014-4693

Malware in sbrugna...

EUVD-2014-4697

Malware in sbrugna...

EUVD-2014-8751

Malware in sbrugna...

EUVD-2023-47465

Malicious code in bioql PyPI...

CVE-2025-36351

IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions...

CVE-2025-36351

IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions...

CVE-2025-36352

IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

CVE-2025-36351 IBM License Metric Tool bypass security

IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions...

CVE-2025-36351

IBM License Metric Tool version 9.2.0–9.2.40 is affected by CVE-2025-36351, where an authenticated user could bypass REST API access controls and perform unauthorized actions. The issue stems from insufficient authorization checks in the REST API and is rated with CVSSv3.1 base score 4.3 (MEDIUM)...

CVE-2025-36352 IBM License Metric Tool cross-site scripting

IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

CVE-2025-36352 IBM License Metric Tool cross-site scripting

IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

CVE-2025-36352

IBM License Metric Tool (ILMT) versions 9.2.0–9.2.40 are vulnerable to stored cross-site scripting (CXS) in the Web UI, exploitable by an authenticated user and potentially leading to credentials disclosure in a trusted session. The issue is tied to IBM’s advisory and public CVE-2025-36352 record...