7 matches found
CVE-2016-3040
CVE-2016-3040 is an Open Redirect vulnerability in IBM WebSphere Application Server Liberty. IBM bulletins show it can enable phishing by redirecting users to arbitrary sites and note it affects WAS Liberty in various IBM products (e.g., Spectrum Control/Tivoli Storage Productivity Center, Messag...
CVE-2016-5957
CVE-2016-5957 affects the IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance. The vulnerability arises from the use of weaker cryptographic algorithms, allowing an attacker to defeat cryptographic protections and obtain sensitive information. Affected: ISPIM Virtual Appliance 2.x ...
CVE-2016-5974
The CVE-2016-5974 entry concerns a cross-site scripting (XSS) vulnerability in the IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance Web UI. According to the provided sources, remote authenticated users could inject arbitrary JavaScript/HTML via an embedded string in the Web UI. ...
CVE-2016-5970
CVE-2016-5970 is a directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x prior to 2.0.2 FP8. The issue allows remote authenticated users to read arbitrary files via a .. in a URL. IBM’s bulletin confirms the vulnerability affecting ISPIM Virtu...
CVE-2016-5963
Summary: CVE-2016-5963 affects IBM Security Privileged Identity Manager Virtual Appliance 2.0.x prior to 2.0.2 FP8. The issue arises because updates, image backups and other patches are not adequately verified for origin/integrity, enabling an authenticated remote user to execute arbitrary code v...
CVE-2016-5971
IBM Security Privileged Identity Manager Virtual Appliance 2.x prior to 2.0.2 FP8 is affected by an XXE issue in XML processing that allows a remote authenticated user to read arbitrary files or cause memory exhaustion. The vulnerability is tied to XML External Entity processing in ISPIM Virtual ...
CVE-2016-5972
CVE-2016-5972 affects IBM Security Privileged Identity Manager Virtual Appliance 2.0.x prior to 2.0.2 FP8, where permissions on a security‑critical resource are configured so that read/modify access can be obtained by unintended actors. Root cause: weak permissions on the resource. Impact per sou...