Server-Side Request Forgery in IBM Security Identity Manager
CVE-2021-20483

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Security Identity Manager
Vendor: CVE Published:; 16 June 2021

Summary

IBM Security Identity Manager version 6.0.2 is susceptible to an SSRF vulnerability that allows remote authenticated attackers to send specially crafted requests. This exploitation can lead to unauthorized access to sensitive information, compromising the confidentiality of the system. Users are urged to apply security patches to mitigate any potential risks.

Affected Version(s)

Security Identity Manager 6.0.2

References

https://www.ibm.com/support/pages/node/6464081

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/197591

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2021
Vulnerability Reserved
Dec 17, 2020