PT-2015-4128 · Ibm · Tivoli Asset Discovery For Distributed+1

Published

2015-05-20

Updated

2017-01-03

CVE-2014-8924

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions IBM License Metric Tool versions 7.2.2 before IF15 and 7.5 before IF24 Tivoli Asset Discovery for Distributed versions 7.2.2 before IF15 and 7.5 before IF24

Description The issue allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations For IBM License Metric Tool versions 7.2.2 before IF15, apply the IF15 fix or later. For IBM License Metric Tool version 7.5 before IF24, apply the IF24 fix or later. For Tivoli Asset Discovery for Distributed versions 7.2.2 before IF15, apply the IF15 fix or later. For Tivoli Asset Discovery for Distributed version 7.5 before IF24, apply the IF24 fix or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2014-8924

Affected Products

Ibm License Metric Tool

Tivoli Asset Discovery For Distributed

PT-2015-4128 · Ibm · Tivoli Asset Discovery For Distributed+1

CVE-2014-8924

Related Identifiers

Affected Products

References · 3