EUVD-2015-4969

Malware in sbrugna...

EUVD-2017-10194

Malware in sbrugna...

IBM: There is a POST based CSRF issue over IBM endpoint leading to modification of contact information.

There was a CSRF vulnerability found in an IBM endpoint that allowed modification of contact information through a POST request...

IBM: Information disclosure identified on IBM endpoint.

The information disclosure vulnerability identified on an IBM endpoint was reported to IBM, analyzed, and remediated...

Security Bulletin: Vulnerability in Diffie-Helman ciphers affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-4000)

Summary The LogJam Attack on Diffie-Hellman ciphers affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis. Vulnerability Details CVEID : CVE-2015-4000 DESCRIPTION : The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure t...

Security Bulletin: IBM License Metric Tool, IBM Endpoint Manager for Software Use Analysis and IBM Tivoli Asset Discovery for Distributed Java-related vulnerabilities - October 2014

Summary IBM License Metric Tool, IBM Endpoint Manager for Software Use Analysis and IBM Tivoli Asset Discovery for Distributed are vulnerable to attacks related to Java vulnerabilites. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability...

Security Bulletin: A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2015-2017)

Summary WebSphere Liberty Profile is shipped as a component of IBM License Metric Tool v9 and IBM BigFix Inventory v9. Information about a security vulnerability affecting WebSphere Liberty Profile has been published in a security bulletin. Vulnerability Details CVEID: CVE-2015-2017 DESCRIPTION:...

Security Bulletin: Vulnerability due to Server log files exposure affects IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-8963)

Summary IBM License Metric Tool v9 and IBM BigFix Inventory v9 Server log files can potentially reveal sensitive information. Vulnerability Details CVEID: CVE-2016-8963 DESCRIPTION: IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool, IBM Tivoli Asset Discovery for Distributed and IBM Endpoint Manager for Software Use Analysis (April 2015 CPU)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed.These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses FREAK: Factoring Attack ...

Security Bulletin: A security vulnerability has been identified in BigFix Platform shipped with IBM Endpoint Manager for Software Use Analysis v2.2 (CVE-2016-6084)

Summary BigFix Platform BES Root Server and BES Relay is shipped as a component of IBM Endpoint Manager for Software Use Analysis v2.2. Information about a security vulnerability affecting BigFix Platform has been published in a security bulletin. Vulnerability Details CVEID: CVE-2016-6084...

Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-3226)

Summary A vulnerability in ActiveSupport component of Ruby on Rails framework used by IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis allows for stealing authentication cookies with cross-site scripting attack . Vulnerability Details CVEID: CVE-2015-3226 DESCRIPTION:...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9, v7.5 & v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 & v7.2.2 and IBM Endpoint Manager for Software Use Analysis v9 - CVE-2014-6593, CVE-2015-0400, C

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM License Metric Tool v9, v7.5 & v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 & v7.2.2 and IBM Endpoint Manager for Software Use Analysis v9. These issues were disclosed as part of the IBM...

Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2

Summary Vulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9, IBM BigFix Inventory v9 and IBM Endpoint Manager for Software Use Analysis v9 & v2.2. Vulnerability Details CVEID: CVE-2015-7576 DESCRIPTION: Ruby on Rails could allow a remote attacker to obtain...

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM License Metric Tool v9 (CVE-2019-4046).

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. This issue allows a remote attacker to cause a denial of service. Vulnerability Details CVEID: CVE-2019-4046 DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of...

Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2019-5419).

Summary There is a vulnerability in Ruby On Rails that is used by IBM License Metric Tool. Vulnerability Details CVEID: CVE-2019-5419 DESCRIPTION: Ruby on Rails Action View module is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted accept header...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool and IBM BigFix Inventory. These issues were disclosed as part of the IBM Java SDK updates in Apr 2018 Vulnerability Details CVEID: CVE-2018-2783 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities affect bundling products shipped with SmartCloud Orchestrator and SmartCloud Orchestrator Enterprise (CVE-2015-1920, CVE-2015-4000)

Summary Information about security vulnerabilities affecting IBM Business Process Manager, IBM Tivoli System Automation for Multiplatforms, IBM Endpoint Manager for Patch Management, IBM SmartCloud Cost Management, IBM Tivoli System Application Automation Manager and IBM Tivoli Monitoring has bee...

IBM Endpoint Manager for Remote Control Detection

Detects the installed version of IBM Endpoint Manager for Remote Control. This script sends an HTTP GET request and tries to detect the presence of IBM Endpoint Manager for Remote Control from the response. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a...

Memory corruption

IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309...

CVE-2015-4952

The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196...