CVE-2016-5974

MEDIUM

IBM Security Privileged Identity Manager <2.0.2 FP8 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.

References (1)

[Patch, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21989205

Scores

CVSS v3 5.4

EPSS 0.0017

EPSS Percentile 37.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

ibm/security_privileged_identity_manager_virtual_appliance < 2.0.2

n/a/n/a

Timeline

Published Sep 26, 2016

Tracked Since Feb 18, 2026