cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2012-0718,https://securityvulnerability.io/vulnerability/CVE-2012-0718,,IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies.,IBM,Tivoli Endpoint Manager,5.4,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2020-02-18T17:02:49.000Z,0
CVE-2014-8926,https://securityvulnerability.io/vulnerability/CVE-2014-8926,,"Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8927.",IBM,"Tivoli Asset Discovery For Distributed,License Metric Tool,Endpoint Manager Family",,,0.00279999990016222,false,,false,false,false,,,false,false,,2015-05-25T14:00:00.000Z,0
CVE-2014-8927,https://securityvulnerability.io/vulnerability/CVE-2014-8927,,"Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a crafted XML query, a different vulnerability than CVE-2014-8926.",IBM,"Tivoli Asset Discovery For Distributed,License Metric Tool,Endpoint Manager Family",,,0.00279999990016222,false,,false,false,false,,,false,false,,2015-05-25T14:00:00.000Z,0
CVE-2014-6113,https://securityvulnerability.io/vulnerability/CVE-2014-6113,,Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,IBM,Tivoli Endpoint Manager,,,0.0013200000394135714,false,,false,false,false,,,false,false,,2015-02-16T00:00:00.000Z,0
CVE-2014-6137,https://securityvulnerability.io/vulnerability/CVE-2014-6137,,Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,IBM,Tivoli Endpoint Manager,,,0.0024900001008063555,false,,false,false,false,,,false,false,,2015-02-16T00:00:00.000Z,0
CVE-2014-6140,https://securityvulnerability.io/vulnerability/CVE-2014-6140,,"IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enrollment and Apple iOS Management Extender, (2) Self-service portal, (3) Trusted Services provider, or (4) Admin Portal.",IBM,Tivoli Endpoint Manager Mobile Device Management,,,0.009549999609589577,false,,false,false,false,,,false,false,,2014-12-06T15:00:00.000Z,0
CVE-2014-3066,https://securityvulnerability.io/vulnerability/CVE-2014-3066,,"IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",IBM,Tivoli Endpoint Manager,,,0.0025500000920146704,false,,false,false,false,,,false,false,,2014-07-02T10:00:00.000Z,0
CVE-2013-0452,https://securityvulnerability.io/vulnerability/CVE-2013-0452,,Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.,IBM,"Tivoli Endpoint Manager,Software Use Analysis",,,0.0013200000394135714,false,,false,false,false,,,false,false,,2013-03-29T10:00:00.000Z,0
CVE-2013-0453,https://securityvulnerability.io/vulnerability/CVE-2013-0453,,Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.,IBM,Tivoli Endpoint Manager,,,0.0008399999933317304,false,,false,false,false,,,false,false,,2013-03-21T20:00:00.000Z,0
CVE-2012-4841,https://securityvulnerability.io/vulnerability/CVE-2012-4841,,Unspecified vulnerability in Tivoli Endpoint Manager for Remote Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote attackers to cause a denial of service (resource consumption) via unknown vectors.,IBM,Tivoli Endpoint Manager,,,0.006719999946653843,false,,false,false,false,,,false,false,,2012-11-29T11:00:00.000Z,0
CVE-2012-0719,https://securityvulnerability.io/vulnerability/CVE-2012-0719,,Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program.,IBM,Tivoli Endpoint Manager,,,0.020069999620318413,false,,false,false,false,,,false,false,,2012-03-22T01:00:00.000Z,0
CVE-2012-1837,https://securityvulnerability.io/vulnerability/CVE-2012-1837,,"The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.",IBM,Tivoli Endpoint Manager,,,0.0030499999411404133,false,,false,false,false,,,false,false,,2012-03-22T01:00:00.000Z,0