17 matches found
VulnCheck KEV: CVE-2019-4061
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Oct 2023. Vulnerability Details CVEID: CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE...
CVE-2022-38655
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site...
Xxe
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site...
CVE-2022-38655
CVE-2022-38655 concerns the HCL BigFix WebUI where non-master operators lack proper permission checks. Connected sources indicate that these operators can modify the relevance of fixlets or deploy fixlets from the BES Support external site, due to a missing-permission-control vulnerability in the...
Security Bulletin: Vulnerability in bzip2 and libbzip2 before affects IBM License Metric Tool and IBM BigFix Inventory (CVE-2010-0405)
Summary Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. Vulnerability Details CVEID: CVE-2010-0405...
Security Bulletin: Vulnerability due to Server log files exposure affects IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-8963)
Summary IBM License Metric Tool v9 and IBM BigFix Inventory v9 Server log files can potentially reveal sensitive information. Vulnerability Details CVEID: CVE-2016-8963 DESCRIPTION: IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user...
Security Bulletin: Vulnerability in RubyGems rest-client affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-1820)
Summary RubyGems rest-client component vulnerability allows for hijacking user session. Vulnerability Details CVE-ID: CVE-2015-1820 Description: RubyGems rest-client could allow a remote attacker to hijack a valid user's session, caused by Set-Cookie headers being present in an HTTP 30x...
Security Bulletin: Vulnerability in account lockout affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8964)
Summary IBM License Metric Tool (ILMT) v9.x and IBM BigFix Inventory (BFI) v9.x allowed an attacker to conduct brute force dictionary attacks to bypass authentication due to a missing account lockout mechanism. The issue has been fixed in version 9.2.8. Vulnerability Details CVEID: CVE-2016-8964...
Security Bulletin: Vulnerability in URL Redirection affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8961)
Summary IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x accept a user-controlled input that specifies a link to an external site, and use that link in a redirect. This simplifies phishing attacks. Vulnerability Details CVEID: CVE-2016-8961 DESCRIPTION: IBM BigFix Inventory v9.x could...
Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-2098 CVE-2016-2097)
Summary Vulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9 and IBM BigFix Inventory v9. Vulnerability Details CVEID: CVE-2016-2098 DESCRIPTION: Ruby on Rails could allow a remote attacker to execute arbitrary code on the system, caused by improper validation o...
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2021-22885).
Summary There is a vulnerability in Ruby On Rails that is used by IBM License Metric Tool. Vulnerability Details CVEID: CVE-2021-22885 DESCRIPTION: Ruby on Rails could allow a remote attacker to obtain sensitive information, caused by improper input validation by the Action Pack. By sending a...
Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9.
Summary Vulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9. Vulnerability Details CVEID: CVE-2020-8184 DESCRIPTION: Rack could allow a remote attacker to bypass security restrictions, caused by the lack of validation/integrity check security for cookies. By...
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2019-16779).
Summary There is a vulnerability in Ruby On Rails that is used by IBM License Metric Tool. Vulnerability Details CVEID: CVE-2019-16779 DESCRIPTION: RubyGem excon could allow a remote attacker to obtain sensitive information, caused by a race condition around persistent connections. By sending a...
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM License Metric Tool v9 (CVE-2019-4046).
Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. This issue allows a remote attacker to cause a denial of service. Vulnerability Details CVEID: CVE-2019-4046 DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of...
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2019-5419).
Summary There is a vulnerability in Ruby On Rails that is used by IBM License Metric Tool. Vulnerability Details CVEID: CVE-2019-5419 DESCRIPTION: Ruby on Rails Action View module is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted accept header...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool and IBM BigFix Inventory. These issues were disclosed as part of the IBM Java SDK updates in Apr 2018. Vulnerability Details CVEID: CVE-2018-2783 DESCRIPTION: An unspecified...