Ibm License Metric Tool — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm License Metric Tool, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2016-8964 — CVSS 9.8 (critical): IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account…
CVE-2016-8980 — CVSS 8.1 (high): IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML…
CVE-2014-4774 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for…
CVE-2014-8924 — CVSS 6.4 (medium): The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15…
CVE-2025-36352 — CVSS 6.4 (medium): IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user…
CVE-2016-8961 — CVSS 6.1 (medium): IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to…
CVE-2016-8966 — CVSS 5.9 (medium): IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict…
CVE-2016-8963 — CVSS 5.5 (medium): IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.
CVE-2016-8981 — CVSS 5.5 (medium): IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
CVE-2016-8967 — CVSS 5.5 (medium): IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.
CVE-2016-8977 — CVSS 5.3 (medium): IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be…
CVE-2023-43044 — CVSS 5.3 (medium): IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted…
CVE-2014-8926 — CVSS 5.0 (medium): Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis…
CVE-2014-8927 — CVSS 5.0 (medium): Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis…
CVE-2014-4778 — CVSS 4.3 (medium): IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options…
CVE-2025-36351 — CVSS 4.3 (medium): IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and…
CVE-2015-4929 — CVSS 4.0 (medium): IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users…
CVE-2014-4776 — CVSS 2.1 (low): IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for…