Vulnerabilities > IBM > Security Privileged Identity Manager

DATE CVE VULNERABILITY TITLE RISK
2017-09-28 CVE-2017-1407 Command Injection vulnerability in IBM products
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm CWE-77
8.8
2017-06-07 CVE-2016-5960 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-200
5.5
2017-06-07 CVE-2016-5959 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
5.3
2017-02-01 CVE-2016-5990 Improper Access Control vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.
network
low complexity
ibm CWE-284
6.3
2017-02-01 CVE-2016-5988 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user.
network
low complexity
ibm CWE-200
6.5
2017-02-01 CVE-2016-5966 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-200
5.9
2017-02-01 CVE-2016-5964 Improper Access Control vulnerability in IBM Security Privileged Identity Manager 2.0.2
IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-284
critical
9.8
2017-02-01 CVE-2016-5958 Information Exposure vulnerability in IBM Security Privileged Identity Manager 2.0.2/2.1
IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode.
network
low complexity
ibm CWE-200
7.5
2016-11-24 CVE-2016-2996 Improper Input Validation vulnerability in IBM Security Privileged Identity Manager 2.0.0/2.0.1/2.0.2
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors.
network
low complexity
ibm CWE-20
6.5
2016-11-24 CVE-2016-0353 7PK - Security Features vulnerability in IBM Security Privileged Identity Manager 2.0.0/2.0.1/2.0.2
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
network
high complexity
ibm CWE-254
3.7