Remote Authentication Bypass in IBM Tivoli Identity Manager and Security Identity Manager
CVE-2014-6109
5.3MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 20 April 2018
Summary
A vulnerability exists in IBM Tivoli Identity Manager and Security Identity Manager that allows remote authenticated users to circumvent access restrictions. This issue arises from improper handling of LDAP queries, potentially exposing sensitive information to unauthorized parties. The flaw affects multiple versions of the products, making it critical for users to apply the necessary patches to safeguard their systems.
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved