License Metric Tool: Security enhancements

Flashes (Alerts)

Abstract

The following security enhancements and mitigations were introduced in the recent releases of License Metric Tool and HCL BigFix Platform.

Content

IMPORTANT:

Starting from application update 9.2.40, information about security enhancements is available directly in the License Metric Tool documentation: https://www.ibm.com/docs/en/license-metric-tool/9.2.0?topic=new-security-enhancements.

IBM License Metric Tool enhancements and mitigations list
HCL BigFix Platform enhancements and mitigations list

IBM License Metric Tool

License Metric Tool application update	Enhancement details	Addressed CVEs
9.2.39	Multiple Vulnerabilities affects IBM License Metric Tool v9.	CVE-2025-25184 CVE-2024-45296 CVE-2024-52798 CVE-2024-57965 CVE-2025-27111 CVE-2024-21235 CVE-2024-21217 CVE-2024-21210 CVE-2024-21208 CVE-2024-10917 CVE-2024-12797 CVE-2025-27152
9.2.38	A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool	CVE-2024-49761
9.2.38	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9	CVE-2024-47887 CVE-2024-47888 CVE-2024-47889 CVE-2024-41128
9.2.37	A vulnerability in fugit gem affects IBM License Metric Tool	CVE-2024-43380
	A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool	CVE-2024-43398 CVE-2024-41946 CVE-2024-41123 CVE-2024-39908
	A vulnerability in JavaScript affects IBM License Metric Tool v9	CVE-2024-39338
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2024-21147 CVE-2024-21145 CVE-2024-21140 CVE-2024-21144 CVE-2024-21138 CVE-2024-21131 CVE-2024-27267
	Security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool	CVE-2023-50314
9.2.36	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2024-35152 CVE-2024-35136 CVE-2024-37529 CVE-2024-31882 CVE-2024-31880 CVE-2024-31881 CVE-2023-29267 CVE-2024-28762
	Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool	CVE-2024-22329 CVE-2023-51775 CVE-2023-50312 CVE-2024-22354 CVE-2024-25026 CVE-2024-22353 CVE-2024-27268
	Multiple vulnerabilities in Bouncy Castle API affect IBM License Metric Tool	CVE-2024-30172 CVE-2024-29857 CVE-2024-30171
	A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool (CVE-2024-35176)	CVE-2024-35176
9.2.35	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2024-22360 CVE-2023-52296 CVE-2024-27254 CVE-2023-38729 CVE-2024-25030 CVE-2024-25046
	Security vulnerabilities in Apache Commons Compress affects IBM License Metric Tool v9	CVE-2024-25710 CVE-2024-26308
	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9	CVE-2024-26144
	IBM License Metric Tool is vulnerable to cross-script scripting due to use of jQuery Cookie.	CVE-2022-23395
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2024-20952 CVE-2024-20918 CVE-2024-20921 CVE-2024-20919 CVE-2024-20926 CVE-2024-20945 CVE-2023-33850
9.2.34	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2023-38727 CVE-2023-43020 CVE-2023-38003 CVE-2023-47701 CVE-2023-40687 CVE-2023-29258 CVE-2023-46167 CVE-2023-40692 CVE-2023-50308 CVE-2023-47141 CVE-2023-45193 CVE-2023-47747 CVE-2023-47158 CVE-2023-47746 CVE-2023-47152 CVE-2023-27859
	Security vulnerabilities have been identified in bzip2 shipped with IBM License Metric Tool v9	CVE-2019-12900
	Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9	CVE-2023-46158
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2023-22081 CVE-2023-22067 CVE-2023-5676
9.2.33	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2023-38719 CVE-2023-30987 CVE-2023-40372 CVE-2023-38740 CVE-2023-30991 CVE-2023-40374 CVE-2023-38728 CVE-2023-40373 CVE-2023-38720
	Security vulnerability has been identified in IBM License Metric Tool v9	CVE-2023-43044
	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 and could allow cross-site scripting	CVE-2023-28362
9.2.32	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2023-27868 CVE-2023-27867 CVE-2023-27869 CVE-2023-30447 CVE-2023-30446 CVE-2023-30443 CVE-2023-30448 CVE-2023-30445 CVE-2023-30449 CVE-2023-29256 CVE-2023-23487 CVE-2023-30431
9.2.32	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2023-21930 CVE-2023-21967 CVE-2023-21954 CVE-2023-21939 CVE-2023-21968 CVE-2023-21937 CVE-2023-21938 CVE-2023-2597
9.2.31	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2022-43927 CVE-2022-43927 CVE-2022-43930
9.2.30	A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9	CVE-2022-34165
9.2.30	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2022-21628 CVE-2022-21626 CVE-2022-21624 CVE-2022-21619
9.2.29	No new vulnerabilities were reported.
9.2.28	A vulnerability in zlib affects IBM Common Inventory Technology	CVE-2018-25032
9.2.27	A vulnerability in Java affects IBM License Metric Tool v9	CVE-2021-35550
	A vulnerability in Java affects IBM License Metric Tool v9	CVE-2021-35603
	A vulnerability in Java affects IBM License Metric Tool v9	CVE-2021-35560 CVE-2021-35586 CVE-2021-35578 CVE-2021-35564 CVE-2021-35559 CVE-2021-35556 CVE-2021-35565 CVE-2021-35588 CVE-2021-41035
9.2.26	Security vulnerability has been identified in Apache Log4j library shipped with IBM License Metric Tool v9	CVE-2021-44228
9.2.26	Security vulnerabilities in Apache Commons Compress affects IBM License Metric Tool v9	CVE-2021-35517 CVE-2021-36090
9.2.25	Security vulnerability have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2021-29752
	Security vulnerability have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2021-29763
	Security vulnerability have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2021-29825
	Security vulnerabilities have been identified in BigFix Platform shipped with IBM License Metric Tool	CVE-2020-1971 CVE-2021-23840 CVE-2020-13434 CVE-2020-12435 CVE-2018-20505 CVE-2019-19645 CVE-2020-14281
	Security vulnerability have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2021-29702
	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2021-20579 CVE-2020-4945 CVE-2021-29777 CVE-2020-4885 CVE-2021-29703
9.2.24	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2021-22885)	CVE-2021-22885
9.2.24	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2021-20579 CVE-2020-4945 CVE-2021-29777 CVE-2020-4885 CVE-2021-29703
9.2.23	A vulnerability in IBM Java SDK affects IBM License Metric Tool v9 (CVE-2020-14782)	CVE-2020-14782
9.2.23	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2020-14803 CVE-2020-27221
9.2.22	A vulnerability in JavaScript affects IBM License Metric Tool v9 (CVE-2020-8203)	CVE-2020-8203
9.2.21	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8166)	CVE-2020-8166
	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8164)	CVE-2020-8164
	Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9	CVE-2020-8184 CVE-2020-7663
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14556 CVE-2020-14581 CVE-2020-14579 CVE-2020-14578 CVE-2020-14577 CVE-2019-17639
9.2.20	A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9	CVE-2020-4329
	A security vulnerabilities has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9	CVE-2020-4303 CVE-2020-4304
	Vulnerabilities in jQuery affect IBM License Metric Tool v9	CVE-2020-11023 CVE-2020-11022
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2020-2805 CVE-2020-2803 CVE-2020-2830 CVE-2020-2781 CVE-2020-2800 CVE-2020-2757 CVE-2020-2756 CVE-2020-2755 CVE-2020-2754
9.2.19	Multiple vulnerabilities in Bouncy Castle API affect IBM License Metric Tool v9	CVE-2018-1000613 CVE-2018-1000180
	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9	CVE-2019-16782
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9	CVE-2019-4732 CVE-2020-2659 CVE-2020-2604 CVE-2020-2593 CVE-2020-2583
	A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9	CVE-2019-4720
	A vulnerability in Ruby on Rails affects IBM License Metric Tool v9	CVE-2019-16779
	Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9	CVE-2020-4230 CVE-2020-4204 CVE-2020-4200 CVE-2020-4161 CVE-2020-4135
9.2.18	Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9.	CVE-2019-4441 CVE-2019-4305 CVE-2019-4304 CVE-2014-3603
	Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9.	CVE-2019-16892 CVE-2019-15587 CVE-2019-5477
	Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.	CVE-2019-2989 CVE-2019-2975 CVE-2019-2958

HCL BigFix Platform

HCL BigFix Platform	Enhancement details	Addressed CVEs
9.5.x 10.0.x 11.0.x	HCL BigFix Platform is affected by multiple security vulnerabilities	CVE-2023-38545 CVE-2023-37531 CVE-2023-37530 CVE-2023-37529 CVE-2023-37528 CVE-2023-37527 CVE-2024-23552 CVE-2024-23553
	HCL BigFix Platform is affected by multiple security vulnerabilities	CVE-2023-45706 CVE-2023-45705 CVE-2023-45715 CVE-2023-48795 CVE-2023-46219 CVE-2023-36417 CVE-2023-36420 CVE-2023-36730 CVE-2023-36785 CVE-2023-36728
	HCL BigFix Platform is affected by Unathenticated Stored Cross-Site Scripting (XSS) and libssh2 security vulnerabilities	CVE-2023-37519 CVE-2023-37520 CVE-2020-22218
	HCL BigFix Platform is affected by a heap buffer overflow vulnerability	CVE-2023-4863

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS8JFY","label":"IBM License Metric Tool"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]

Tips

License Metric Tool: Security enhancements

Flashes (Alerts)

Abstract

Content

IBM License Metric Tool

A vulnerability in fugit gem affects IBM License Metric Tool

A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool

A vulnerability in JavaScript affects IBM License Metric Tool v9

Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9

Security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool

Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9

Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool

Multiple vulnerabilities in Bouncy Castle API affect IBM License Metric Tool

A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool (CVE-2024-35176)

Security vulnerabilities have been identified in bzip2 shipped with IBM License Metric Tool v9

Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9

Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9

Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9

HCL BigFix Platform

HCL BigFix Platform is affected by multiple security vulnerabilities

HCL BigFix Platform is affected by multiple security vulnerabilities

HCL BigFix Platform is affected by a heap buffer overflow vulnerability

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?