Vincent Ruijter

**Name of the Vulnerable Software and Affected Versions** IBM License Metric Tool versions prior to 2.7.0.2050 Endpoint Manger for Software Use Analysis version 9 Tivoli Asset Discovery for Distributed versions 7.2.2 and 7.5 **Description** The issue allows remote attackers to cause a denial of service, resulting in CPU consumption or application crash, via a crafted XML query. **Recommendations** For IBM License Metric Tool, update to version 2.7.0.2050 or later. For Endpoint Manger for Software Use Analysis version 9, at the moment, there is no information about a newer version that contains a fix for this issue. For Tivoli Asset Discovery for Distributed versions 7.2.2 and 7.5, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM License Metric Tool versions 7.2.2 through 9 before 2.7.0.2050 Endpoint Manger for Software Use Analysis version 9 Tivoli Asset Discovery for Distributed versions 7.2.2 through 7.5 **Description** The issue allows remote attackers to cause a denial of service, resulting in CPU consumption or application crash, via a crafted XML query. **Recommendations** For IBM License Metric Tool versions 7.2.2 through 9, update to version 2.7.0.2050 or later. For Endpoint Manger for Software Use Analysis version 9, update to a version that includes the fix for this issue. For Tivoli Asset Discovery for Distributed versions 7.2.2 through 7.5, update to a version that includes the fix for this issue.