Vulnerability in IBM Security Privileged Identity Manager Virtual Appliance
CVE-2016-5966

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Privileged Identity Manager
Vendor: CVE Published:; 1 February 2017

Summary

The IBM Security Privileged Identity Manager Virtual Appliance is susceptible to a vulnerability where improper implementation of HTTP Strict Transport Security (HSTS) may allow remote attackers to intercept sensitive information. This can lead to data leakage through man-in-the-middle attacks, potentially compromising the security of user credentials and other confidential data.

Affected Version(s)

Privileged Identity Manager 1.0.1

Privileged Identity Manager 1.0.1.1

Privileged Identity Manager 2.0.0

References

http://www.ibm.com/support/docview.wss?uid=swg21996614

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95197

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2017
Vulnerability Reserved
Jun 29, 2016