CVE-2025-36351

CWE-284Improper Access Control3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 86.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM License Metric Tool
Timeline
PublishedSep 29

Description

IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDibm/license_metric_tool9.2.09.2.41
CVEListV5ibm/license_metric_tool9.2.09.2.40

🔴Vulnerability Details

2
GHSA
GHSA-c8g5-gffj-4cw8: IBM License Metric Tool 92025-09-29
CVEList
IBM License Metric Tool bypass security2025-09-29
CVE-2025-36351 (MEDIUM CVSS 4.3) | IBM License Metric Tool 9.2.0 throu | cvebase.io