Vulnerabilities for Security privileged identity manager virtual appliance (...) - CXSECURITY.COM

Vulnerabilities for
'Security privileged identity manager virtual appliance'

2016-09-26

CVE-2016-5974

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.

CVE-2016-5972

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

CVE-2016-5971

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVE-2016-5970

Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

CVE-2016-5963

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

CVE-2016-5957

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm.

CVE-2016-3040

IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

>>> Vendor: IBM 1045 Products

Lotus domino mail server

Lotus domino server

Aix enetwork firewall

Websphere application server

Tivoli opc tracker agent

Netfinity remote control

System data repository

Navio nc browser

Network station manager

Http server ssl module common

Tivoli management framework

Db2 universal database

Websphere plugin

Net.commerce hosting server

Websphere commerce suite

High availability cluster multiprocessing

Informix web datablade

Tivoli secureway policy director

Alphaworks tftp server

Secureway directory

Lotus domino r5

Visualage for java

Tivoli storage manager

Websphere caching proxy server

Secureway firewall

Aix parallel systems support programs

Lotus notes client

Lotus domino web server

Tivoli firewall toolbox

Internet security systems blackice defender

Websphere edge server caching proxy

Informix dynamic server

Informix extended parallel server

Parallel environment

Trading partner interchange

Tivoli directory server

Tivoli access manager for e-business

Tivoli access manager identity manager solution

Tivoli configuration manager

Tivoli configuration manager for atm

Websphere everyplace server

Hardware management console

Rational clearquest

Lotus domino enterprise server

Db2 content manager

Informix dynamic database server

Lotus domino inotes client

Tivoli business systems manager

Network appliance data ontap

Lotus domino web access

Inventory scout

Client security password manager

Informix client sdk

Informix i-connect

Websphere host on-demand

Tivoli identity manager

Filenet p8 application engine

Tivoli provisioning manager os deployment

Tivoli business service manager

Tivoli monitoring express

See all Products for Vendor IBM

Copyright 2024, cxsecurity.com