CVE-2014-8927 - OpenCVE

Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Endpoint Manager Family License Metric Tool Tivoli Asset Discovery For Distributed

Configuration 1 [-]

OR	cpe:2.3:a:ibm:endpoint_manager_family:9.0:::::::*
	cpe:2.3:a:ibm:license_metric_tool:7.2.2:::::::*
	cpe:2.3:a:ibm:license_metric_tool:7.5:::::::*
	cpe:2.3:a:ibm:license_metric_tool:9.0:::::::*
	cpe:2.3:a:ibm:tivoli_asset_discovery_for_distributed:7.2.2.0:::::::*
	cpe:2.3:a:ibm:tivoli_asset_discovery_for_distributed:7.5:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21882695

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2015-05-25T14:00:00

Updated: 2024-08-06T13:33:12.613Z

Reserved: 2014-11-14T00:00:00

Link: CVE-2014-8927

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-05-25T14:59:06.763

Modified: 2015-05-26T17:55:14.727

Link: CVE-2014-8927

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-05-19T00:00:00", "descriptions": [{"lang": "en", "value": "Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-25T14:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-8927", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:33:12.613Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-8927", "datePublished": "2015-05-25T14:00:00", "dateReserved": "2014-11-14T00:00:00", "dateUpdated": "2024-08-06T13:33:12.613Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:endpoint_manager_family:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B598889D-9542-48AC-BC47-A5AC6003C1E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:license_metric_tool:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "26CC2FED-B9A4-48E5-AFB2-084212D667A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:license_metric_tool:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BE43D33-3FF7-4144-B220-5F3CCFE5E458", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:license_metric_tool:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "87460E3D-45AB-40A2-8984-4726F2CE5124", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_discovery_for_distributed:7.2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C71EE3DE-6581-4A92-BBB3-EA795439B643", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_discovery_for_distributed:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9545AA8-2F1E-4FB9-9D22-B3E109047F9B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926."}, {"lang": "es", "value": "Common Inventory Technology (CIT) anterior a 2.7.0.2050 en IBM License Metric Tool 7.2.2, 7.5, y 9; Endpoint Manger for Software Use Analysis 9; y Tivoli Asset Discovery for Distributed 7.2.2 y 7.5 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU o ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una consulta XML manipulada, una vulnerabilidad diferente a CVE-2014-8926."}], "id": "CVE-2014-8927", "lastModified": "2015-05-26T17:55:14.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-05-25T14:59:06.763", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}