License Metric Tool: Security enhancements

Flashes (Alerts)

Abstract

The following security enhancements and mitigations were introduced in the recent releases of License Metric Tool and HCL BigFix Platform.

Content

Go to IBM License Metric Tool enhancements and mitigations list.

Go to HCL BigFix Platform enhancements and mitigations list.

IBM License Metric Tool

License Metric Tool application update	Enhancement details	Addressed CVEs
9.2.35	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2024-22360 CVE-2023-52296 CVE-2024-27254 CVE-2023-38729 CVE-2024-25030 CVE-2024-25046
	Security vulnerabilities in Apache Commons Compress affects IBM License Metric Tool v9	CVE-2024-25710 CVE-2024-26308
	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9	CVE-2024-26144
	IBM License Metric Tool is vulnerable to cross-script scripting due to use of jQuery Cookie.	CVE-2022-23395
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2024-20952 CVE-2024-20918 CVE-2024-20921 CVE-2024-20919 CVE-2024-20926 CVE-2024-20945 CVE-2023-33850
9.2.34	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2023-38727 CVE-2023-43020 CVE-2023-38003 CVE-2023-47701 CVE-2023-40687 CVE-2023-29258 CVE-2023-46167 CVE-2023-40692 CVE-2023-50308 CVE-2023-47141 CVE-2023-45193 CVE-2023-47747 CVE-2023-47158 CVE-2023-47746 CVE-2023-47152 CVE-2023-27859
	Security vulnerabilities have been identified in bzip2 shipped with IBM License Metric Tool v9	CVE-2019-12900
	Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9	CVE-2023-46158
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2023-22081 CVE-2023-22067 CVE-2023-5676
9.2.33	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2023-38719 CVE-2023-30987 CVE-2023-40372 CVE-2023-38740 CVE-2023-30991 CVE-2023-40374 CVE-2023-38728 CVE-2023-40373 CVE-2023-38720
	Security vulnerability has been identified in IBM License Metric Tool v9	CVE-2023-43044
	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 and could allow cross-site scripting	CVE-2023-28362
9.2.32	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2023-27868 CVE-2023-27867 CVE-2023-27869 CVE-2023-30447 CVE-2023-30446 CVE-2023-30443 CVE-2023-30448 CVE-2023-30445 CVE-2023-30449 CVE-2023-29256 CVE-2023-23487 CVE-2023-30431
9.2.32	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2023-21930 CVE-2023-21967 CVE-2023-21954 CVE-2023-21939 CVE-2023-21968 CVE-2023-21937 CVE-2023-21938 CVE-2023-2597
9.2.31	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2022-43927 CVE-2022-43927 CVE-2022-43930
9.2.30	A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9	CVE-2022-34165
9.2.30	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2022-21628 CVE-2022-21626 CVE-2022-21624 CVE-2022-21619
9.2.29	No new vulnerabilities were reported.
9.2.28	A vulnerability in zlib affects IBM Common Inventory Technology	CVE-2018-25032
9.2.27	A vulnerability in Java affects IBM License Metric Tool v9	CVE-2021-35550
	A vulnerability in Java affects IBM License Metric Tool v9	CVE-2021-35603
	A vulnerability in Java affects IBM License Metric Tool v9	CVE-2021-35560 CVE-2021-35586 CVE-2021-35578 CVE-2021-35564 CVE-2021-35559 CVE-2021-35556 CVE-2021-35565 CVE-2021-35588 CVE-2021-41035
9.2.26	Security vulnerability has been identified in Apache Log4j library shipped with IBM License Metric Tool v9	CVE-2021-44228
9.2.26	Security vulnerabilities in Apache Commons Compress affects IBM License Metric Tool v9	CVE-2021-35517 CVE-2021-36090
9.2.25	Security vulnerability have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2021-29752
	Security vulnerability have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2021-29763
	Security vulnerability have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2021-29825
	Security vulnerabilities have been identified in BigFix Platform shipped with IBM License Metric Tool	CVE-2020-1971 CVE-2021-23840 CVE-2020-13434 CVE-2020-12435 CVE-2018-20505 CVE-2019-19645 CVE-2020-14281
	Security vulnerability have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2021-29702
	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2021-20579 CVE-2020-4945 CVE-2021-29777 CVE-2020-4885 CVE-2021-29703
9.2.24	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2021-22885)	CVE-2021-22885
9.2.24	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2021-20579 CVE-2020-4945 CVE-2021-29777 CVE-2020-4885 CVE-2021-29703
9.2.23	A vulnerability in IBM Java SDK affects IBM License Metric Tool v9 (CVE-2020-14782)	CVE-2020-14782
9.2.23	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2020-14803 CVE-2020-27221
9.2.22	A vulnerability in JavaScript affects IBM License Metric Tool v9 (CVE-2020-8203)	CVE-2020-8203
9.2.21	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8166)	CVE-2020-8166
	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8164)	CVE-2020-8164
	Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9	CVE-2020-8184 CVE-2020-7663
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14556 CVE-2020-14581 CVE-2020-14579 CVE-2020-14578 CVE-2020-14577 CVE-2019-17639
9.2.20	A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9	CVE-2020-4329
	A security vulnerabilities has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9	CVE-2020-4303 CVE-2020-4304
	Vulnerabilities in jQuery affect IBM License Metric Tool v9	CVE-2020-11023 CVE-2020-11022
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2020-2805 CVE-2020-2803 CVE-2020-2830 CVE-2020-2781 CVE-2020-2800 CVE-2020-2757 CVE-2020-2756 CVE-2020-2755 CVE-2020-2754
9.2.19	Multiple vulnerabilities in Bouncy Castle API affect IBM License Metric Tool v9	CVE-2018-1000613 CVE-2018-1000180
	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9	CVE-2019-16782
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2019-4732 CVE-2020-2659 CVE-2020-2604 CVE-2020-2593 CVE-2020-2583
	A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9	CVE-2019-4720
	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9	CVE-2019-16779
	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2020-4230 CVE-2020-4204 CVE-2020-4200 CVE-2020-4161 CVE-2020-4135
9.2.18	Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9.	CVE-2019-4441 CVE-2019-4305 CVE-2019-4304 CVE-2014-3603
	Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9.	CVE-2019-16892 CVE-2019-15587 CVE-2019-5477
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.	CVE-2019-2989 CVE-2019-2975 CVE-2019-2958

HCL BigFix Platform

HCL BigFix Platform	Enhancement details	Addressed CVEs
9.5.x 10.0.x 11.0.x	HCL BigFix Platform is affected by multiple security vulnerabilities	CVE-2023-38545 CVE-2023-37531 CVE-2023-37530 CVE-2023-37529 CVE-2023-37528 CVE-2023-37527 CVE-2024-23552 CVE-2024-23553
	HCL BigFix Platform is affected by multiple security vulnerabilities	CVE-2023-45706 CVE-2023-45705 CVE-2023-45715 CVE-2023-48795 CVE-2023-46219 CVE-2023-36417 CVE-2023-36420 CVE-2023-36730 CVE-2023-36785 CVE-2023-36728
	HCL BigFix Platform is affected by Unathenticated Stored Cross-Site Scripting (XSS) and libssh2 security vulnerabilities	CVE-2023-37519 CVE-2023-37520 CVE-2020-22218
	HCL BigFix Platform is affected by a heap buffer overflow vulnerability	CVE-2023-4863

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS8JFY","label":"IBM License Metric Tool"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]

Tips

License Metric Tool: Security enhancements

Flashes (Alerts)

Abstract

Content

IBM License Metric Tool

Security vulnerabilities have been identified in bzip2 shipped with IBM License Metric Tool v9

Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9

Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9

Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9

HCL BigFix Platform

HCL BigFix Platform is affected by multiple security vulnerabilities

HCL BigFix Platform is affected by multiple security vulnerabilities

HCL BigFix Platform is affected by a heap buffer overflow vulnerability

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?