IBM License Metric Tool Access Control Bypass Vulnerability in REST API

Vulnerability

An access control bypass vulnerability has been identified in the REST API of IBM License Metric Tool versions 9.2.0 through 9.2.40. This vulnerability allows authenticated users to circumvent access controls and execute unauthorized actions.

Impact

Exploitation of this vulnerability could lead to unauthorized actions being performed via the REST API, potentially allowing users to manipulate data or application behavior inappropriately.

Remediation

Users are advised to upgrade to the latest version of IBM License Metric Tool, version 9.2.41 or later. Instructions for upgrading can be found in the IBM License Metric Tool documentation.

Added: Sep 29, 2025, 3:22 PM
Updated: Sep 29, 2025, 8:06 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 1.3
exploitability: 4.9
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.