CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5972
https://notcve.org/view.php?id=CVE-2016-5972
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x en versiones anteriores a 2.0.2 FP8 utiliza permisos débiles para fuentes no especificadas, lo que permite a usuarios remotos autenticados obtener información sensible o modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 http://www.securityfocus.com/bid/93077 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5974
https://notcve.org/view.php?id=CVE-2016-5974
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. Vulnerabilidad de XSS en la Web UI en IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x en versiones anteriores a 2.0.2 FP8 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una cadena embebida. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5963
https://notcve.org/view.php?id=CVE-2016-5963
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors. IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x en versiones anteriores a 2.0.2 FP8 no valida correctamente actualizaciones, lo que permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 http://www.securityfocus.com/bid/93076 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5957
https://notcve.org/view.php?id=CVE-2016-5957
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm. IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x en versiones anteriores a 2.0.2 FP8 permite a atacantes remotos derrotar los mecanismos de protección criptográficos y obtener información sensible aprovechando un algoritmo débil. • http://www-01.ibm.com/support/docview.wss?uid=swg21989205 http://www.securityfocus.com/bid/93083 • CWE-310: Cryptographic Issues •