Tivoli Endpoint Manager Security Vulnerabilities and Issues — Tivoli Endpoint Manager CVE List

Lucene search

IbmTivoli Endpoint Manager

9 matches found

CVE•added 2012/03/22 3:28 a.m.•114 views

CVE-2012-0719

Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program.

4.3CVSS5.7AI score0.00256EPSS

CVE•added 2012/11/29 1:14 p.m.•43 views

CVE-2012-4841

Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unknown vectors.

5CVSS6.9AI score0.00645EPSS

CVE•added 2014/07/02 10:35 a.m.•42 views

CVE-2014-3066

IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5CVSS6.7AI score0.00917EPSS

CVE•added 2012/03/22 3:28 a.m.•38 views

CVE-2012-1837

The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access ...

5CVSS6.1AI score0.00234EPSS

CVE•added 2020/02/18 6:15 p.m.•36 views

CVE-2012-0718

IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.

5.8CVSS5.4AI score0.00192EPSS

CVE•added 2015/02/16 12:59 a.m.•36 views

CVE-2014-6137

Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.4AI score0.01233EPSS

CVE•added 2013/03/21 8:55 p.m.•34 views

CVE-2013-0453

Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00188EPSS

CVE•added 2015/02/16 12:59 a.m.•34 views

CVE-2014-6113

Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00236EPSS

CVE•added 2013/03/29 4:8 p.m.•28 views

CVE-2013-0452

Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.

6.8CVSS7.3AI score0.00119EPSS