User Enumeration Vulnerability in IBM Security Identity Manager
CVE-2021-29687

3.7LOW

Key Information:

Vendor
IBM
Vendor
CVE Published:
20 May 2021

Summary

IBM Security Identity Manager version 7.0.2 has a vulnerability that permits remote attackers to perform username enumeration. This occurs due to inconsistent responses between valid and invalid login attempts, allowing an attacker to differentiate between existing and non-existing usernames. Such information can be leveraged in further attacks, compromising user accounts and increasing the risk of unauthorized access.

Affected Version(s)

Security Identity Manager 6.0.2

References

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.