Security Bulletin: IBM Security Privileged Identity Manager is affected by remote code execution (CVE-2020-4450)

Summary IBM Security Privileged Identity Manager has addressed an issue for WebSphere Application Server which is vulnerable to a Remote Command Execution vulnerability. Vulnerability Details CVEID: CVE-2020-4450 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a...

Security Bulletin: Multiple Security Vulnerabilities Fixed in IBM Security Privileged Identity Manager

Summary IBM Security Privileged Identity Manager is affected by multiple freetype vulnerabilities. The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Security Privileged Identity Manager OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK:...

CVE-2016-5960

IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171...

CVE-2016-5971

IBM Security Privileged Identity Manager ISPIM Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service memory consumption via an XML document containing an external entity declaration in conjunction with an entity reference,...