CVE-2016-9703
LOWIBM Security Identity Manager Virtual Appliance - Info Disclosure
Title source: llmDescription
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95327
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037765
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21996761
Scores
CVSS v3
2.4
EPSS
0.0006
EPSS Percentile
19.4%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-384
Status
published
Products (15)
ibm/security_identity_manager_virtual_appliance
7.0.0.0
ibm/security_identity_manager_virtual_appliance
7.0.0.1
ibm/security_identity_manager_virtual_appliance
7.0.0.2
ibm/security_identity_manager_virtual_appliance
7.0.0.3
ibm/security_identity_manager_virtual_appliance
7.0.1.0
ibm/security_identity_manager_virtual_appliance
7.0.1.1
ibm/security_identity_manager_virtual_appliance
7.0.1.2
ibm/security_identity_manager_virtual_appliance
7.0.1.3
ibm/security_identity_manager_virtual_appliance
7.0.1.4
IBM Corporation/Identity Manager
5.0
... and 5 more
Published
Feb 01, 2017
Tracked Since
Feb 18, 2026