Unrated severityNVD Advisory· Published May 20, 2015· Updated May 6, 2026

CVE-2014-8924

Description

The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected products

IBM/License Metric Tool2 versions
cpe:2.3:a:ibm:license_metric_tool:7.2.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:license_metric_tool:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:license_metric_tool:7.5:*:*:*:*:*:*:*
IBM/Tivoli Asset Discovery For Distributed2 versions
cpe:2.3:a:ibm:tivoli_asset_discovery_for_distributed:7.2.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:tivoli_asset_discovery_for_distributed:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_asset_discovery_for_distributed:7.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www-01.ibm.com/support/docview.wssnvdPatchVendor Advisory
www.securitytracker.com/id/1032275nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000