Tivoli Endpoint Manager

tivoli_endpoint_manager

Vendor: Ibm • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-0718 1Ibm 1Tivoli Endpoint Manager Nov 21, 2024 Feb 18, 2020 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.
CVE-2014-6137 1Ibm 1Tivoli Endpoint Manager May 6, 2026 Feb 16, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6113 1Ibm 1Tivoli Endpoint Manager May 6, 2026 Feb 16, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3066 1Ibm 1Tivoli Endpoint Manager May 6, 2026 Jul 2, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External...Show more IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.Show less
CVE-2013-0452 1Ibm 2Software Use Analysis Tivoli Endpoint Manager Apr 29, 2026 Mar 29, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a...Show more Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.Show less
CVE-2013-0453 1Ibm 1Tivoli Endpoint Manager Apr 29, 2026 Mar 21, 2013 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2012-4841 1Ibm 1Tivoli Endpoint Manager Apr 29, 2026 Nov 29, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unknown vectors.
CVE-2012-1837 1Ibm 1Tivoli Endpoint Manager Apr 29, 2026 Mar 22, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for...Show more The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.Show less
CVE-2012-0719 1Ibm 1Tivoli Endpoint Manager Apr 29, 2026 Mar 22, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program.