LDAP Injection Vulnerability in IBM Security Identity Manager Adapters
CVE-2021-20574

7.5HIGH

Key Information:

Vendor: IBM
Status: Security Identity Manager Adapters
Vendor: CVE Published:; 28 June 2021

Summary

IBM Security Identity Manager Adapters versions 6.0 and 7.0 are susceptible to an LDAP injection vulnerability. A remote authenticated attacker can exploit this flaw using specially crafted requests, potentially gaining unauthorized access to other accounts within the system. This vulnerability emphasizes the need for robust security measures to protect sensitive user information from malicious actors.

Affected Version(s)

Security Identity Manager Adapters 6.0

Security Identity Manager Adapters 7.0

References

https://www.ibm.com/support/pages/node/6465875

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/199252

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2021
Vulnerability Reserved
Dec 17, 2020