Remote Authentication Bypass in IBM Tivoli Identity Manager and Security Identity Manager
CVE-2014-6109

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Security Identity Manager; Tivoli Identity Manager
Vendor: CVE Published:; 20 April 2018

What is CVE-2014-6109?

A vulnerability exists in IBM Tivoli Identity Manager and Security Identity Manager that allows remote authenticated users to circumvent access restrictions. This issue arises from improper handling of LDAP queries, potentially exposing sensitive information to unauthorized parties. The flaw affects multiple versions of the products, making it critical for users to apply the necessary patches to safeguard their systems.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21698020

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/96173

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2018
Vulnerability Reserved
Sep 2, 2014