Ibm Security Privileged Identity Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Security Privileged Identity Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2016-5964 — CVSS 9.8 (critical): IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a…
CVE-2018-1640 — CVSS 8.8 (high): IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands…
CVE-2017-1407 — CVSS 8.8 (high): IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on…
CVE-2017-1483 — CVSS 8.6 (high): IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality…
CVE-2018-1618 — CVSS 7.7 (high): IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An…
CVE-2016-5958 — CVSS 7.5 (high): IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the…
CVE-2016-5988 — CVSS 6.5 (medium): IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be…
CVE-2016-2996 — CVSS 6.5 (medium): IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append…
CVE-2016-5990 — CVSS 6.3 (medium): IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be…
CVE-2018-1680 — CVSS 5.9 (medium): IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which…
CVE-2016-5966 — CVSS 5.9 (medium): IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the…
CVE-2016-5960 — CVSS 5.5 (medium): IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user…
CVE-2016-5959 — CVSS 5.3 (medium): IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information…
CVE-2018-1625 — CVSS 4.3 (medium): IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its…
CVE-2017-1705 — CVSS 4.3 (medium): IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not…
CVE-2018-1622 — CVSS 4.3 (medium): IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker…
CVE-2018-1623 — CVSS 4.0 (medium): IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on…
CVE-2016-0366 — CVSS 3.7 (low): IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive…
CVE-2016-0353 — CVSS 3.7 (low): IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session…
CVE-2018-1626 — CVSS 3.1 (low): IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which…