Lucene search
K
IbmSecurity Privileged Identity Manager Virtual Appliance

7 matches found

CVE
CVE
added 2016/09/26 1:0 a.m.48 views

CVE-2016-3040

CVE-2016-3040 is an Open Redirect vulnerability in IBM WebSphere Application Server Liberty. IBM bulletins show it can enable phishing by redirecting users to arbitrary sites and note it affects WAS Liberty in various IBM products (e.g., Spectrum Control/Tivoli Storage Productivity Center, Messag...

6.8CVSS6.4AI score0.01051EPSS
CVE
CVE
added 2016/09/26 1:0 a.m.46 views

CVE-2016-5957

CVE-2016-5957 affects the IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance. The vulnerability arises from the use of weaker cryptographic algorithms, allowing an attacker to defeat cryptographic protections and obtain sensitive information. Affected: ISPIM Virtual Appliance 2.x ...

7.5CVSS7.6AI score0.01363EPSS
CVE
CVE
added 2016/09/26 1:0 a.m.46 views

CVE-2016-5974

The CVE-2016-5974 entry concerns a cross-site scripting (XSS) vulnerability in the IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance Web UI. According to the provided sources, remote authenticated users could inject arbitrary JavaScript/HTML via an embedded string in the Web UI. ...

5.4CVSS5.3AI score0.00609EPSS
CVE
CVE
added 2016/09/26 1:0 a.m.45 views

CVE-2016-5970

CVE-2016-5970 is a directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x prior to 2.0.2 FP8. The issue allows remote authenticated users to read arbitrary files via a .. in a URL. IBM’s bulletin confirms the vulnerability affecting ISPIM Virtu...

6.5CVSS6.3AI score0.01625EPSS
CVE
CVE
added 2016/09/26 1:0 a.m.42 views

CVE-2016-5963

Summary: CVE-2016-5963 affects IBM Security Privileged Identity Manager Virtual Appliance 2.0.x prior to 2.0.2 FP8. The issue arises because updates, image backups and other patches are not adequately verified for origin/integrity, enabling an authenticated remote user to execute arbitrary code v...

8.8CVSS8.4AI score0.01587EPSS
CVE
CVE
added 2016/09/26 1:0 a.m.40 views

CVE-2016-5971

IBM Security Privileged Identity Manager Virtual Appliance 2.x prior to 2.0.2 FP8 is affected by an XXE issue in XML processing that allows a remote authenticated user to read arbitrary files or cause memory exhaustion. The vulnerability is tied to XML External Entity processing in ISPIM Virtual ...

7.1CVSS6.8AI score0.011EPSS
CVE
CVE
added 2016/09/26 1:0 a.m.40 views

CVE-2016-5972

CVE-2016-5972 affects IBM Security Privileged Identity Manager Virtual Appliance 2.0.x prior to 2.0.2 FP8, where permissions on a security‑critical resource are configured so that read/modify access can be obtained by unintended actors. Root cause: weak permissions on the resource. Impact per sou...

6.8CVSS6.3AI score0.00756EPSS