User Enumeration Vulnerability in IBM Security Identity Manager
CVE-2021-29687
3.7LOW
Summary
IBM Security Identity Manager version 7.0.2 has a vulnerability that permits remote attackers to perform username enumeration. This occurs due to inconsistent responses between valid and invalid login attempts, allowing an attacker to differentiate between existing and non-existing usernames. Such information can be leveraged in further attacks, compromising user accounts and increasing the risk of unauthorized access.
Affected Version(s)
Security Identity Manager 6.0.2
References
CVSS V3.1
Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved