Vulnerabilities > IBM > Security Privileged Identity Manager Virtual Appliance > High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-09-26	CVE-2016-5971	XXE vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2 IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. network low complexity ibm CWE-611	7.1
2016-09-26	CVE-2016-5963	Improper Access Control vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0 IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors. network low complexity ibm CWE-284	8.8
2016-09-26	CVE-2016-5957	Cryptographic Issues vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2 IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm. network low complexity ibm CWE-310	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.