VIR Vulnerability Intelligence Relay

CVE-2016-5970

medium
Published 2016-09-26 · Modified 2026-05-06
CVSS v3
6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v2
4.0
VIR risk
6.5

Description

Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

Predictions

Exploit likelihood
75%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21989205

Application impact
VendorProductVersionsFixed
ibmsecurity_privileged_identity_manager_virtual_appliance{"endIncluding":"2.0.2"}

References

CWEs

CWE-22 CWE-200

Verify integrity in audit chain (admin only). AS-IS.