PatchSiren cyber security CVE debrief
CVE-2016-9739 IBM CVE debrief
CVE-2016-9739 is a credential exposure issue in IBM Security Identity Manager Virtual Appliance. According to NVD, user credentials were stored in plain text and could be read by a local user. The issue was publicly disclosed on 2017-02-01 and affects multiple IBM Security Identity Manager 7.x releases listed by NVD.
- Vendor
- IBM
- Product
- CVE-2016-9739
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-01
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-01
- Advisory updated
- 2026-05-13
Who should care
Administrators and security teams responsible for IBM Security Identity Manager Virtual Appliance deployments, especially systems where local access is possible or shared among multiple users. Organizations that store privileged or sensitive credentials in the appliance should prioritize review and remediation.
Technical summary
NVD describes the flaw as clear-text storage of user credentials in IBM Security Identity Manager Virtual Appliance, making them readable by a local user. The NVD CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates a local attack path requiring low privileges and no user interaction, with high potential impact if credentials are exposed. NVD associates the issue with IBM Security Identity Manager versions 7.0.0.0 through 7.0.1.4 and maps it to CWE-255 in the supplied record.
Defensive priority
High. The issue exposes credentials directly and can lead to compromise of accounts stored in the appliance. Because the attack requires local access and low privileges, environments with multiple administrators, shared hosts, or weak local access controls should treat this as urgent.
Recommended defensive actions
- Review IBM's advisory for CVE-2016-9739 and apply the vendor-recommended patch or remediation path referenced by IBM.
- Inventory IBM Security Identity Manager Virtual Appliance instances and confirm whether affected versions 7.0.0.0 through 7.0.1.4 are in use.
- Restrict local access to appliance systems to only trusted administrators and enforce least privilege.
- Rotate any credentials that may have been stored in clear text on affected systems.
- Check for signs of unauthorized local access or credential misuse on impacted appliances.
- Verify that any backups, exports, or support bundles do not retain exposed credential material.
- After remediation, validate that credential storage is no longer readable in clear text through normal local access paths.
Evidence notes
The supplied NVD record states that IBM Security Identity Manager Virtual Appliance stores user credentials in plain text and that a local user can read them. The record also supplies the CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, a CWE-255 mapping, and NVD CPE entries for IBM Security Identity Manager 7.0.0.0 through 7.0.1.4. IBM's referenced support page is included in the source corpus as the vendor patch/VDB entry reference, but no fixed version is stated in the supplied data.
Official resources
-
CVE-2016-9739 CVE record
CVE.org
-
CVE-2016-9739 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch, VDB Entry
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Publicly disclosed by IBM and indexed by NVD on 2017-02-01.