CVE-2016-5960

CWE-200 — Information Exposure3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 82.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Privileged Identity Manager

Timeline

PublishedJun 7

Latest updateMay 17

Description

IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/security_privileged_identity_manager2.0.2, 2.1.0+1

▶NVDibm/security_privileged_identity_manager2.0.2, 2.1+1

🔴Vulnerability Details

GHSA

GHSA-gwmx-m85h-q5v6: IBM Security Privileged Identity Manager 2↗2022-05-17

▶

CVEList

CVE-2016-5960: IBM Security Privileged Identity Manager 2↗2017-06-07

▶