CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5958
https://notcve.org/view.php?id=CVE-2016-5958
IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Security Privileged Identity Manager podrían permitir a un atacante remoto obtener información sensible, provocada por la falta para establecer el indicador seguro para la cookie de sesión en modo SSL. Al interceptar su transmisión dentro de una sesión HTTP, un atacante podría explotar esta vulnerabilidad para capturar la cookie y obtener información sensible. • http://www.ibm.com/support/docview.wss?uid=swg21996614 http://www.securityfocus.com/bid/95196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5990
https://notcve.org/view.php?id=CVE-2016-5990
IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server. IBM Security Privileged Identity Manager Virtual Appliance permite a un usuario autenticado cargar archivos maliciosos que serían ejecutados automáticamente por el servidor. • http://www.ibm.com/support/docview.wss?uid=swg21996614 http://www.securityfocus.com/bid/95199 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5988
https://notcve.org/view.php?id=CVE-2016-5988
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user. IBM Security Privileged Identity Manager Virtual Appliance podría revelar información sensible en mensajes de error generados que estarían disponibles para un usuario autenticado. • http://www.ibm.com/support/docview.wss?uid=swg21996614 http://www.securityfocus.com/bid/95198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0353
https://notcve.org/view.php?id=CVE-2016-0353
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. IBM Security Privileged Identity Manager 2.0 en versiones anteriores a 2.0.2 FP8, cuando se utiliza Virtual Appliance, no establece el indicador seguro para la cookie de sesión en una sesión https, lo que facilita a atacantes remotos capturar esta cookie interceptando su transmisión dentro de una sesión http. • http://www-01.ibm.com/support/docview.wss?uid=swg21988706 http://www.securityfocus.com/bid/94543 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-2996
https://notcve.org/view.php?id=CVE-2016-2996
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors. IBM Security Privileged Identity Manager 2.0 en versiones anteriores a 2.0.2 FP8, cuando se utiliza Virtual Appliance, permite a usuarios remotos autenticados añadir archivos arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21988706 • CWE-20: Improper Input Validation •