Security Bulletin: A security vulnerability has been identified in WebSphere Liberty Profile and WebSphere Application Server shipped with License Metric Tool, IBM Endpoint Manager for Software Use Analysis and IBM Tivoli Asset Discovery for Distributed

Summary WebSphere Liberty Profile which is a base component of IBM License Metric Tool v9 & and IBM Endpoint Manager for Software Use Analysis v9 and WebSphere Application Server which is a base component of IBM License Metric Tool v7.5 and IBM Tivoli Asset Discovery for Distributed v7.5 are...

Security Bulletin: IBM License Metric Tool v9 and IBM Endpoint Manager for Software Use Analysis v2.2 and v9 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on SSLv3 connections (CVE-2014-3566)

Summary SSLv3 protocol used to secure a number of connection paths in IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis is vulnerable to POODLE attack. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and...

Security Bulletin: Vulnerability in RubyGems rest-client affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-1820)

Summary RubyGems rest-client component vulnerability allows for hijacking user session. Vulnerability Details CVE-ID: CVE-2015-1820 Description: RubyGems rest-client could allow a remote attacker to hijack a valid user''s session, caused by Set-Cookie headers being present in an HTTP 30x...

Security Bulletin: A security vulnerability has been identified in BigFix Platform shipped with IBM Endpoint Manager for Software Use Analysis v2.2 (CVE-2016-6084)

Summary BigFix Platform BES Root Server and BES Relay is shipped as a component of IBM Endpoint Manager for Software Use Analysis v2.2. Information about a security vulnerability affecting BigFix Platform has been published in a security bulletin. Vulnerability Details CVEID: CVE-2016-6084...

Security Bulletin: Vulnerability in InstallAnywhere affects IBM License Metric Tool, IBM Endpoint Manager for Software Use Analysis and IBM Tivoli Asset Discovery for Distributed (CVE-2016-2542)

Summary A vulnerability in InstallAnywhere on Windows systems affects IBM License Metric Tool v7.5 & v7.2.2, IBM Endpoint Manager for Software Use Analysis v2.2 and IBM Tivoli Asset Discovery for Distributed v7.5 & v7.2.2. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera...

Vulnerabilities in IBM License Metric Tool and Endpoint Manager for Software Use Analysis

IBM License Metric Tool and Endpoint Manager for Software Use Analysis are both products of IBM Corporation. The former is a set of free tools to help IBM Passport Advantage software upgrades and support services customers to determine their processor value unit PVU licensing requirements; the...

CVE-2015-4929

IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request...

CVE-2015-4929

IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request...

CVE-2015-4929

CVE-2015-4929 affects IBM License Metric Tool v9 (and IBM Endpoint Manager for Software Use Analysis v9) where the REST API mishandles requests, allowing a remote authenticated attacker to bypass access restrictions and extract sensitive information. IBM’s security bulletin identifies the root ca...

Multiple IBM Product Denial of Service Vulnerabilities (CNVD-2015-03496)

IBM manufactures and sells computer hardware and software, and provides consulting services for systems architecture and web hosting. Common Inventory Technology CIT versions prior to 2.7.0.2050 are used in IBM License Metric Tool versions 7.2.2, 7.5 and 9, Endpoint Manger for Software Use Analys...

Multiple IBM Product Denial of Service Vulnerabilities (CNVD-2015-03487)

IBM manufactures and sells computer hardware and software, and provides consulting services for systems architecture and web hosting. Common Inventory Technology CIT versions prior to 2.7.0.2050 are used in IBM License Metric Tool versions 7.2.2, 7.5 and 9, Endpoint Manger for Software Use Analys...

IBM License Metric Tool and Endpoint Manager for Software Use Analysis Clickjacking Vulnerability

IBM License Metric Tool is a free tool that helps IBM Passport Advantage customers determine their processor value unit PVU licensing needs; IBM Endpoint Manager for Software Use Analysis is a solution that enables overall software asset management by accurately discovering whether software in al...

IBM License Metric Tool and Endpoint Manager for Software Use Analysis Cross-Site Request Forgery Vulnerability

IBM License Metric Tool is a free tool that helps IBM Passport Advantage customers determine their processor value unit PVU licensing needs; IBM Endpoint Manager for Software Use Analysis is a solution that enables overall software asset management by accurately discovering whether software in al...

CVE-2014-8926

Common Inventory Technology CIT before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service CPU consumption or application crash via a...

CVE-2014-4778

CVE-2014-4778 concerns IBM License Metric Tool (LM Tool) v9 and IBM Endpoint Manager for Software Use Analysis v9. The issue: the login page response lacks the X-Frame-Options header, enabling clickjacking through framing of the login page. Connected IBM bulletin confirms this and provides remedi...

CVE-2014-8926

CVE-2014-8926 affects IBM License Metric Tool (CIT) before 2.7.0.2050 in IBM License Metric Tool v7.2.2, v7.5, and v9; IBM Endpoint Manger for Software Use Analysis v9; and Tivoli Asset Discovery for Distributed v7.2.2 and v7.5. A crafted XML query can cause denial of service via CPU consumption ...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Software Use Analysis SUA application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format AMF messages...

CVE-2013-0452

Cross-site request forgery CSRF vulnerability in the Software Use Analysis SUA application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format AMF messages...