CVE-2016-5972

Published: Sep 26, 2016Modified: May 6, 2026

6.8

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.6 / Impact: 5.2

Source: NVD

Description

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

Affected (1)

Products: Ibm: Security Privileged Identity Manager Virtual Appliance

Ibm

1 product

Security Privileged Identity Manager Virtual Appliance

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Security Privileged Identity Manager Virtual Appliance	Up to 2.0.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21989205

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/93077

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21989205

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/93077

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.