
CVE-2023-43044 – IBM License Metric Tool directory traversal
https://notcve.org/view.php?id=CVE-2023-43044
28 Sep 2023 — IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893. The integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command-line access to the host operating system can elevate privileges to gain ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/266893 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2016-8964
https://notcve.org/view.php?id=CVE-2016-8964
13 Jul 2017 — IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. • http://www.ibm.com/support/docview.wss?uid=swg21995024 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-254: 7PK - Security Features

CVE-2015-4929
https://notcve.org/view.php?id=CVE-2015-4929
11 Oct 2015 — IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request. • http://www-01.ibm.com/support/docview.wss?uid=swg21966169 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-8926
https://notcve.org/view.php?id=CVE-2014-8926
25 May 2015 — Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manager for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927. • http://www-01.ibm.com/support/docview.wss?uid=swg21882695 • CWE-399: Resource Management Errors

CVE-2014-4774
https://notcve.org/view.php?id=CVE-2014-4774
25 May 2015 — Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element. • http://www-01.ibm.com/support/docview.wss?uid=swg21701389 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-4778
https://notcve.org/view.php?id=CVE-2014-4778
25 May 2015 — IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element. • http://www-01.ibm.com/support/docview.wss?uid=swg21701389 • CWE-20: Improper Input Validation

CVE-2014-4776
https://notcve.org/view.php?id=CVE-2014-4776
20 May 2015 — IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. • http://www-01.ibm.com/support/docview.wss?uid=swg21713641 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor