IBM License Metric Tool
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM License Metric Tool.
By the Year
In 2026 there have been 1 vulnerability in IBM License Metric Tool with an average score of 8.4 out of ten. Last year, in 2025 License Metric Tool had 2 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2026 is greater by 3.05.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 8.40 |
| 2025 | 2 | 5.35 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.50 |
It may take a day or so for new License Metric Tool vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM License Metric Tool Security Vulnerabilities
IBM Licensing Operator Priv Escalation via File Ownership in Container
CVE-2025-12985
8.4 - High
- January 20, 2026
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.
Incorrect Permission Assignment for Critical Resource
IBM License Metric Tool 9.2.x REST API Access Control Bypass
CVE-2025-36351
4.3 - Medium
- September 29, 2025
IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions.
Authorization
IBM License Metric Tool 9.2.* Stored XSS in Web UI
CVE-2025-36352
6.4 - Medium
- September 29, 2025
IBM License Metric Tool 9.2.0 through 9.2.40 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM License Metric Tool 9.2 Remote Directory Traversal via URL
CVE-2023-43044
7.5 - High
- September 28, 2023
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893.
Directory traversal
IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive information to unauthorized users
CVE-2019-4369
7.5 - High
- June 28, 2019
IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 161807.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM License Metric Tool or by IBM? Click the Watch button to subscribe.
