← Back

Security Privileged Identity Manager Virtual Appliance

security_privileged_identity_manager_virtual_appliance

Vendor: Ibm • 7 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-5974
1Ibm
1Security Privileged Identity Manager Virtual Appliance
May 6, 2026
Sep 26, 2016
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML v...Show more
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.Show less
CVE-2016-5972
1Ibm
1Security Privileged Identity Manager Virtual Appliance
May 6, 2026
Sep 26, 2016
N/A· v4
6.8 MEDIUM· v3
4.9 MEDIUM· v2
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify d...Show more
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.Show less
CVE-2016-5971
1Ibm
1Security Privileged Identity Manager Virtual Appliance
May 6, 2026
Sep 26, 2016
N/A· v4
7.1 HIGH· v3
5.5 MEDIUM· v2
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document cont...Show more
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.Show less
CVE-2016-5970
1Ibm
1Security Privileged Identity Manager Virtual Appliance
May 6, 2026
Sep 26, 2016
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
CVE-2016-5963
1Ibm
1Security Privileged Identity Manager Virtual Appliance
May 6, 2026
Sep 26, 2016
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2016-5957
1Ibm
1Security Privileged Identity Manager Virtual Appliance
May 6, 2026
Sep 26, 2016
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorith...Show more
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm.Show less
CVE-2016-3040
1Ibm
1Security Privileged Identity Manager Virtual Appliance
May 6, 2026
Sep 26, 2016
N/A· v4
6.8 MEDIUM· v3
4.9 MEDIUM· v2
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sit...Show more
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.Show less