Information Disclosure Vulnerability in IBM Security Privileged Identity Manager
CVE-2016-5959

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Security Privileged Identity Manager
Vendor
CVE Published:
7 June 2017

Summary

IBM Security Privileged Identity Manager versions 2.0.2 and 2.1.0 have a vulnerability that allows sensitive information to be stored in URL parameters. If unauthorized parties gain access to these URLs through server logs, referrer headers, or browser history, it may lead to potential information disclosure. This vulnerability raises serious concerns over data security and the integrity of sensitive information managed by the application.

Affected Version(s)

Security Privileged Identity Manager 2.0.2

Security Privileged Identity Manager 2.1.0

References

http://www.ibm.com/support/docview.wss?uid=swg22003092
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/116136
x_refsource_MISC
http://www.securityfocus.com/bid/98829
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.