Vulnerability-Lookup

CNVD-2015-03496

Vulnerability from cnvd - Published: 2015-06-01

Title

多个IBM产品拒绝服务漏洞（CNVD-2015-03496）

Description

IBM生产并销售计算机硬件及软件，并且为系统架构和网络托管提供咨询服务。 Common Inventory Technology (CIT) 2.7.0.2050之前版本被使用在IBM License Metric Tool 7.2.2, 7.5和9版本、Endpoint Manger for Software Use Analysis 9版本及Tivoli Asset Discovery for Distributed7.2.2和7.5版本中存在拒绝服务漏洞，允许远程攻击者通过制作的XML查询可以导致拒绝服务（CPU消耗或应用程序崩溃）。

Severity

中

Patch Name

多个IBM产品拒绝服务漏洞（CNVD-2015-03496）的补丁

Patch Description

IBM生产并销售计算机硬件及软件，并且为系统架构和网络托管提供咨询服务。Common Inventory Technology (CIT) 2.7.0.2050之前版本被使用在IBM License Metric Tool 7.2.2, 7.5和9版本、Endpoint Manger for Software Use Analysis 9版本及Tivoli Asset Discovery for Distributed7.2.2和7.5版本中存在拒绝服务漏洞，允许远程攻击者通过制作的XML查询可以导致拒绝服务（CPU消耗或应用程序崩溃）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://www-01.ibm.com/support/docview.wss?uid=swg21882695

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21882695

Impacted products

Name
['IBM License Metric Tool 9', 'IBM Common Inventory Technology (CIT) <2.7.0.2050', 'IBM License Metric Tool 7.2.2', 'IBM License Metric Tool 7.5', 'IBM Endpoint Manger for Software Use Analysis 9', 'IBM Tivoli Asset Discovery for Distributed 7.2.2', 'IBM Tivoli Asset Discovery for Distributed 7.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8926"
    }
  },
  "description": "IBM\u751f\u4ea7\u5e76\u9500\u552e\u8ba1\u7b97\u673a\u786c\u4ef6\u53ca\u8f6f\u4ef6\uff0c\u5e76\u4e14\u4e3a\u7cfb\u7edf\u67b6\u6784\u548c\u7f51\u7edc\u6258\u7ba1\u63d0\u4f9b\u54a8\u8be2\u670d\u52a1\u3002\r\n\r\nCommon Inventory Technology (CIT) 2.7.0.2050\u4e4b\u524d\u7248\u672c\u88ab\u4f7f\u7528\u5728IBM License Metric Tool 7.2.2, 7.5\u548c9\u7248\u672c\u3001Endpoint Manger for Software Use Analysis 9\u7248\u672c\u53caTivoli Asset Discovery for Distributed7.2.2\u548c7.5\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5236\u4f5c\u7684XML\u67e5\u8be2\u53ef\u4ee5\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff08CPU\u6d88\u8017\u6216\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002",
  "discovererName": "IBM",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21882695",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03496",
  "openTime": "2015-06-01",
  "patchDescription": "IBM\u751f\u4ea7\u5e76\u9500\u552e\u8ba1\u7b97\u673a\u786c\u4ef6\u53ca\u8f6f\u4ef6\uff0c\u5e76\u4e14\u4e3a\u7cfb\u7edf\u67b6\u6784\u548c\u7f51\u7edc\u6258\u7ba1\u63d0\u4f9b\u54a8\u8be2\u670d\u52a1\u3002Common Inventory Technology (CIT) 2.7.0.2050\u4e4b\u524d\u7248\u672c\u88ab\u4f7f\u7528\u5728IBM License Metric Tool 7.2.2, 7.5\u548c9\u7248\u672c\u3001Endpoint Manger for Software Use Analysis 9\u7248\u672c\u53caTivoli Asset Discovery for Distributed7.2.2\u548c7.5\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5236\u4f5c\u7684XML\u67e5\u8be2\u53ef\u4ee5\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff08CPU\u6d88\u8017\u6216\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u4e2aIBM\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2015-03496\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM License Metric Tool 9",
      "IBM Common Inventory Technology (CIT) \u003c2.7.0.2050",
      "IBM License Metric Tool 7.2.2",
      "IBM License Metric Tool 7.5",
      "IBM Endpoint Manger for Software Use Analysis 9",
      "IBM Tivoli Asset Discovery for Distributed 7.2.2",
      "IBM Tivoli Asset Discovery for Distributed 7.5"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695",
  "serverity": "\u4e2d",
  "submitTime": "2015-05-28",
  "title": "\u591a\u4e2aIBM\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2015-03496\uff09"
}

CVE-2014-8926 (GCVE-0-2014-8926)

Vulnerability from cvelistv5 – Published: 2015-05-25 14:00 – Updated: 2024-08-06 13:33

Summary

Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927.

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

Tags

http://www-01.ibm.com/support/docview.wss?uid=swg…

x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:33:12.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-25T14:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-8926",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882695"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-8926",
    "datePublished": "2015-05-25T14:00:00",
    "dateReserved": "2014-11-14T00:00:00",
    "dateUpdated": "2024-08-06T13:33:12.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-03496

CVE-2014-8926 (GCVE-0-2014-8926)

Tags

Sightings

Nomenclature