CVE-2016-5959

MEDIUM

IBM Security Privileged Identity Manager <2.1.0 - Info Disclosure

Title source: llm

Description

IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136.

References (3)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg22003092

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98829

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/116136

Scores

CVSS v3 5.3

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (4)

ibm/security_privileged_identity_manager

IBM/Security Privileged Identity Manager < 2.0.2

IBM/Security Privileged Identity Manager < 2.1.0

Published Jun 07, 2017

Tracked Since Feb 18, 2026