Information disclosure in Ibm Security_privileged_identity_manager

CVE-2016-5958

IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP sessio…

Vulnerability class: Information Disclosure

EPSS: 0.017 (74.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2016-5958?
CVE-2016-5958 is a high-severity vulnerability in Ibm Security_privileged_identity_manager, classified under Information Disclosure. CVSS score: 7.5/10. Published 2017-02-01.
How severe is CVE-2016-5958?
High severity. CVSS v3 base score is 7.5 out of 10.