Tivoli Endpoint Manager
by IBM
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8927 | 0.00 | — | 0.01 | May 25, 2015 | Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or… | |||
| CVE-2014-8926 | 0.00 | — | 0.01 | May 25, 2015 | Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or… | |||
| CVE-2014-4778 | 0.00 | — | 0.01 | May 25, 2015 | IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a… | |||
| CVE-2014-4774 | 0.00 | — | 0.01 | May 25, 2015 | Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME… | |||
| CVE-2015-1915 | 0.00 | — | 0.01 | May 25, 2015 | The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this… | |||
| CVE-2014-6113 | 0.00 | — | 0.01 | Feb 16, 2015 | Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2014-3066 | 0.00 | — | 0.02 | Jul 2, 2014 | IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||
| CVE-2013-0452 | 0.00 | — | 0.01 | Mar 29, 2013 | Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format… | |||
| CVE-2013-0453 | 0.00 | — | 0.01 | Mar 21, 2013 | Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2012-4841 | 0.00 | — | 0.02 | Nov 29, 2012 | Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unknown vectors. | |||
| CVE-2012-1837 | 0.00 | — | 0.01 | Mar 22, 2012 | The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive… | |||
| CVE-2012-0719 | 0.00 | — | 0.01 | Mar 22, 2012 | Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program. |
- CVE-2014-8927May 25, 2015risk 0.00cvss —epss 0.01
Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or…
- CVE-2014-8926May 25, 2015risk 0.00cvss —epss 0.01
Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or…
- CVE-2014-4778May 25, 2015risk 0.00cvss —epss 0.01
IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a…
- CVE-2014-4774May 25, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME…
- CVE-2015-1915May 25, 2015risk 0.00cvss —epss 0.01
The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this…
- CVE-2014-6113Feb 16, 2015risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-3066Jul 2, 2014risk 0.00cvss —epss 0.02
IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
- CVE-2013-0452Mar 29, 2013risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format…
- CVE-2013-0453Mar 21, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
- CVE-2012-4841Nov 29, 2012risk 0.00cvss —epss 0.02
Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unknown vectors.
- CVE-2012-1837Mar 22, 2012risk 0.00cvss —epss 0.01
The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive…
- CVE-2012-0719Mar 22, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program.
Page 2 of 2