Remote Information Disclosure Vulnerability in IBM Security Privileged Identity Manager
CVE-2016-5958

7.5HIGH

Key Information:

Vendor: IBM
Status: Privileged Identity Manager
Vendor: CVE Published:; 1 February 2017

What is CVE-2016-5958?

IBM Security Privileged Identity Manager possesses a vulnerability due to inadequate security measures for session cookies. Specifically, the secure flag is not set for session cookies transmitted in SSL mode, making them susceptible to interception during HTTP sessions. This flaw can be exploited by attackers to capture sensitive information stored in the compromised session cookie. The lack of protection could lead to unauthorized access to confidential data, posing significant security risks for organizations utilizing IBM's solution.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Privileged Identity Manager 1.0.1

Privileged Identity Manager 1.0.1.1

Privileged Identity Manager 2.0.0

References

http://www.ibm.com/support/docview.wss?uid=swg21996614

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95196

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2017
Vulnerability Reserved
Jun 29, 2016

JSON

IBM

What is CVE-2016-5958?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.