Skip to main content

Security Privileged Identity Manager Virtual Appliance

7 CVEs product

Monthly

CVE-2016-5974 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5972 MEDIUM PATCH This Month

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-5971 HIGH PATCH This Week

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Denial Of Service XXE Information Disclosure Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
7.1
EPSS
0.4%
CVE-2016-5970 MEDIUM PATCH This Month

Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-5963 HIGH PATCH This Week

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM RCE Authentication Bypass Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2016-5957 HIGH PATCH This Week

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-3040 MEDIUM PATCH This Month

IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

IBM Open Redirect Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
6.8
EPSS
0.1%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Security Privileged Identity Manager Virtual Appliance
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager Virtual Appliance
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Denial Of Service XXE +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Security Privileged Identity Manager Virtual Appliance
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM RCE Authentication Bypass +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Privileged Identity Manager Virtual Appliance
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

IBM Open Redirect Security Privileged Identity Manager Virtual Appliance
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy