Ibm Endpoint Manager Family vulnerabilities

5 known vulnerabilities affecting ibm/endpoint_manager_family.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2014-4778MEDIUMCVSS 4.3v9.0.1v9.1.02015-05-25
CVE-2014-4778 [MEDIUM] CWE-20 CVE-2014-4778: IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1 IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element.
nvd
CVE-2015-1915MEDIUMCVSS 4.3v9.0.1v9.1.02015-05-25
CVE-2015-1915 [MEDIUM] CWE-200 CVE-2015-1915: The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Manag The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
nvd
CVE-2014-8926MEDIUMCVSS 5.0v9.02015-05-25
CVE-2014-8926 [MEDIUM] CWE-399 CVE-2014-8926: Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; En Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2
nvd
CVE-2014-4774MEDIUMCVSS 6.8v9.0.1v9.1.02015-05-25
CVE-2014-4774 [MEDIUM] CWE-352 CVE-2014-4774: Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 befor Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element.
nvd
CVE-2014-8927MEDIUMCVSS 5.0v9.02015-05-25
CVE-2014-8927 [MEDIUM] CVE-2014-8927: Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; En Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926
nvd