PatchSiren cyber security CVE debrief
CVE-2016-5990 IBM CVE debrief
CVE-2016-5990 describes an access-control weakness in IBM Security Privileged Identity Manager Virtual Appliance where an authenticated user could upload malicious files that would then be automatically executed by the server. The NVD record maps the issue to IBM Security Privileged Identity Manager Virtual Appliance versions 2.0.2 and 2.1 and rates it as medium severity. Because the vulnerable action requires authentication, the main concern is abuse of legitimate access to trigger code execution or other harmful server-side behavior.
- Vendor
- IBM
- Product
- CVE-2016-5990
- CVSS
- MEDIUM 6.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-01
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-01
- Advisory updated
- 2026-05-13
Who should care
Administrators and security teams responsible for IBM Security Privileged Identity Manager Virtual Appliance, especially environments running versions 2.0.2 or 2.1. It also matters to teams that review authenticated upload features, privilege boundaries, and application execution paths on privileged-access infrastructure.
Technical summary
NVD describes the flaw as a case where an authenticated user can upload malicious files that are automatically executed by the server. The weakness is categorized as CWE-284 (improper access control). The published CVSS vector indicates network attackability with low attack complexity, low required privileges, no user interaction, and low impact to confidentiality, integrity, and availability.
Defensive priority
Medium. The issue requires authenticated access, but automatic server-side execution can still allow meaningful compromise of the appliance or its hosted functions if abused.
Recommended defensive actions
- Verify whether IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 or 2.1 is deployed in your environment.
- Apply IBM's vendor guidance and any available patches or updates referenced in the IBM advisory.
- Review authenticated file-upload functionality and restrict who can upload files to only the minimum necessary accounts.
- Monitor appliance and application logs for unexpected uploads, file changes, or execution events.
- If immediate patching is not possible, reduce exposure by limiting administrative access and reviewing whether the upload feature can be operationally disabled or tightly constrained per vendor guidance.
Evidence notes
The description and affected-version data come from the supplied NVD record. NVD lists IBM Security Privileged Identity Manager Virtual Appliance 2.0.2 and 2.1 as vulnerable and classifies the weakness as CWE-284. The supplied references include an IBM support advisory and a SecurityFocus VDB entry. No KEV listing or ransomware-use signal was provided in the corpus.
Official resources
-
CVE-2016-5990 CVE record
CVE.org
-
CVE-2016-5990 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Patch, VDB Entry
Publicly disclosed in the CVE/NVD record on 2017-02-01. The supplied corpus shows a later NVD record modification on 2026-05-13, but that is not the original issue date.