Information disclosure in IBM Security Privileged Identity Manager
CVE-2016-5958
IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP sessio…
Vulnerability class: Information Disclosure
EPSS: 0.017 (percentile: 74.2).
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- IBM Security Privileged Identity Manager — versions 2.0.2, 2.1
- IBM Corporation Privileged Identity Manager — versions 1.0.1, 2.0.1, 2.1.0
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2016-5958?
- CVE-2016-5958 is a high-severity vulnerability in IBM Security Privileged Identity Manager, classified under Information Disclosure. CVSS score: 7.5/10. Published 2017-02-01.
- How severe is CVE-2016-5958?
- High severity. CVSS v3 base score is 7.5 out of 10.