CVE-2014-8926 - OpenCVE

Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Endpoint Manager Family License Metric Tool Tivoli Asset Discovery For Distributed

Configuration 1 [-]

OR	cpe:2.3:a:ibm:endpoint_manager_family:9.0:::::::*
	cpe:2.3:a:ibm:license_metric_tool:7.2.2:::::::*
	cpe:2.3:a:ibm:license_metric_tool:7.5:::::::*
	cpe:2.3:a:ibm:license_metric_tool:9.0.1:::::::*
	cpe:2.3:a:ibm:tivoli_asset_discovery_for_distributed:7.2.2.0:::::::*
	cpe:2.3:a:ibm:tivoli_asset_discovery_for_distributed:7.5:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21882695

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2015-05-25T14:00:00

Updated: 2024-08-06T13:33:12.552Z

Reserved: 2014-11-14T00:00:00

Link: CVE-2014-8926

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-05-25T14:59:05.700

Modified: 2015-05-26T17:51:17.620

Link: CVE-2014-8926

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-05-19T00:00:00", "descriptions": [{"lang": "en", "value": "Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-25T14:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-8926", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:33:12.552Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-8926", "datePublished": "2015-05-25T14:00:00", "dateReserved": "2014-11-14T00:00:00", "dateUpdated": "2024-08-06T13:33:12.552Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:endpoint_manager_family:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B598889D-9542-48AC-BC47-A5AC6003C1E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:license_metric_tool:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "26CC2FED-B9A4-48E5-AFB2-084212D667A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:license_metric_tool:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BE43D33-3FF7-4144-B220-5F3CCFE5E458", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:license_metric_tool:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "40A6C16F-6CA8-4780-B5DE-2A118DA05AFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_discovery_for_distributed:7.2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C71EE3DE-6581-4A92-BBB3-EA795439B643", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_discovery_for_distributed:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9545AA8-2F1E-4FB9-9D22-B3E109047F9B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927."}, {"lang": "es", "value": "Common Inventory Technology (CIT) anterior a 2.7.0.2050 en IBM License Metric Tool 7.2.2, 7.5, y 9; Endpoint Manger for Software Use Analysis 9; y Tivoli Asset Discovery for Distributed 7.2.2 y 7.5 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU o ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una consulta XML manipulada, una vulnerabilidad diferente a CVE-2014-8927."}], "id": "CVE-2014-8926", "lastModified": "2015-05-26T17:51:17.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-05-25T14:59:05.700", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}