Security Privileged Identity Manager (ISPIM) Virtual Appliance

CVEs (6)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-5963	IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance	Hig	0.57	8.8	0.02	Sep 26, 2016	IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2016-5971	IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance	Hig	0.46	7.1	0.00	Sep 26, 2016	IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with…
CVE-2016-5972	IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance	Med	0.44	6.8	0.00	Sep 26, 2016	IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-3040	IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance	Med	0.44	6.8	0.00	Sep 26, 2016	IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-5970	IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance	Med	0.42	6.5	0.00	Sep 26, 2016	Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
CVE-2016-5974	IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance	Med	0.35	5.4	0.00	Sep 26, 2016	Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.

CVE-2016-5963HigSep 26, 2016
IBM
Security Privileged Identity Manager (ISPIM) Virtual Appliance
risk 0.57cvss 8.8epss 0.02
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2016-5971HigSep 26, 2016
IBM
Security Privileged Identity Manager (ISPIM) Virtual Appliance
risk 0.46cvss 7.1epss 0.00
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with…
CVE-2016-5972MedSep 26, 2016
IBM
Security Privileged Identity Manager (ISPIM) Virtual Appliance
risk 0.44cvss 6.8epss 0.00
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-3040MedSep 26, 2016
IBM
Security Privileged Identity Manager (ISPIM) Virtual Appliance
risk 0.44cvss 6.8epss 0.00
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-5970MedSep 26, 2016
IBM
Security Privileged Identity Manager (ISPIM) Virtual Appliance
risk 0.42cvss 6.5epss 0.00
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
CVE-2016-5974MedSep 26, 2016
IBM
Security Privileged Identity Manager (ISPIM) Virtual Appliance
risk 0.35cvss 5.4epss 0.00
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.