IBM License Metric Tool

18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-36352
< 9.2.41
IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authentica
6.4 MEDIUM
CVE-2025-36351
>= 9.2.0 and < 9.2.41
IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interfa
4.3 MEDIUM
CVE-2023-43044
< 9.2.33
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a speciall
5.3 MEDIUM
CVE-2016-8964
>= 9.0 and < 9.2.8
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account c
9.8 CRITICAL
CVE-2016-8977
all versions
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information cou
5.3 MEDIUM
CVE-2016-8963
all versions
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.
5.5 MEDIUM
CVE-2016-8967
all versions
IBM BigFix Inventory v9 9.2 stores user credentials in clear text which can be read by a local user.
5.5 MEDIUM
CVE-2016-8981
all versions
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
5.5 MEDIUM
CVE-2016-8980
all versions
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processi
8.1 HIGH
CVE-2016-8966
all versions
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HT
5.9 MEDIUM
CVE-2016-8961
all versions
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a
6.1 MEDIUM
CVE-2015-4929
all versions
IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticate
CVE-2014-8927
all versions
Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manager for Software Use
CVE-2014-8926
all versions
Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manager for Software Use
CVE-2014-4778
all versions
IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Op
CVE-2014-4774
all versions
Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager
CVE-2014-8924
all versions
The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 befor
CVE-2014-4776
all versions
IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it eas