Vulnerabilities > IBM > Security Privileged Identity Manager > 2.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-28 | CVE-2017-1483 | Missing Authentication for Critical Function vulnerability in IBM products IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 8.6 |
| 2017-09-28 | CVE-2017-1407 | Command Injection vulnerability in IBM products IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2017-06-07 | CVE-2016-5960 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. | 5.5 |
| 2017-06-07 | CVE-2016-5959 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. | 5.3 |
| 2017-02-01 | CVE-2016-5990 | Improper Access Control vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. | 6.3 |
| 2017-02-01 | CVE-2016-5988 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. | 6.5 |
| 2017-02-01 | CVE-2016-5966 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2017-02-01 | CVE-2016-5964 | Improper Access Control vulnerability in IBM Security Privileged Identity Manager 2.0.2 IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
| 2017-02-01 | CVE-2016-5958 | Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1 IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. | 7.5 |
| 2016-11-24 | CVE-2016-2996 | Improper Input Validation vulnerability in IBM Security Privileged Identity Manager 2.0.0/2.0.1/2.0.2 IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors. | 6.5 |