CNNVD-202509-4401 Information

CNNVD ID

CNNVD-202509-4401

Related CVE

CVE-2025-36351

• CNNVD Published: 2025-09-29

Description (Chinese)

IBM License Metric Tool是美国国际商业机器（IBM）公司的一套可帮助IBM Passport Advantage（软件升级与支持服务）客户决定其处理器价值单元（PVU）许可需求的免费工具。 IBM License Metric Tool 9.2.40及之前版本存在访问控制错误漏洞，该漏洞源于REST API接口访问控制不当，可能导致未经授权的操作。

Description (English)

IBM License Metric Tool is a set of free tools by the United States International Business Machine (IBM) to help IBM Passport Advantage (Software Upgrading and Support Services) clients determine their processing unit (PVU) licence requirements. There was an access control error gap in IBM License Medical Tool 9.2.40 and earlier versions, which stemmed from inadequate access controls at the REST API interface, which could lead to unauthorized operations.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

国际商业机器

Published

2025-09-29

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7246534

Patch

https://www.ibm.com/support/pages/node/7246534