CVE-2016-5964

CWE-284 — Improper Access Control3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 40.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Privileged Identity Manager IBM Security Privileged Identity Manager

Timeline

PublishedFeb 1

Latest updateMay 17

Description

IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/security_privileged_identity_manager2.0.2

▶CVEListV5ibm_corporation/privileged_identity_manager6 versions+5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-h82q-3jgp-hh7x: IBM Security Privileged Identity Manager Virtual Appliance version 2↗2022-05-17

▶

CVEList

CVE-2016-5964: IBM Security Privileged Identity Manager Virtual Appliance version 2↗2017-02-01

▶