Ibm Security Privileged Identity Manager

10 CVEs affecting Ibm Security Privileged Identity Manager. Latest disclosed: 2019-04-02. Critical: 0, High: 2.

Top CVEs affecting Ibm Security Privileged Identity Manager
CVESeverityScorePublishedSummary
CVE-2018-1640High8.82019-04-02IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By se…
CVE-2018-1618High7.72019-04-02IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a…
CVE-2018-1680Medium5.92019-04-02IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for…
CVE-2016-5960Medium5.52017-06-07IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 1161…
CVE-2016-5959Medium5.32017-06-07IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorize…
CVE-2018-1625Medium4.32019-04-02IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, o…
CVE-2018-1622Medium4.32019-04-02IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious…
CVE-2017-1705Medium4.32018-03-30IBM Security Privileged Identity Manager 2.1.0 contains left-over, sensitive information in page comments. While this information is not visible at first it ca…
CVE-2018-1623Medium4.02019-04-02IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-F…
CVE-2018-1626Low3.12019-04-02IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to sessio…