Information Disclosure Vulnerability in IBM Security Identity Manager
CVE-2021-29688

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Security Identity Manager
Vendor
CVE Published:
20 May 2021

Summary

IBM Security Identity Manager version 7.0.2 is susceptible to an information disclosure vulnerability that allows remote attackers to access sensitive data. When the application encounters a technical error, it may return detailed error messages that can expose information. This data could aid attackers in executing additional attacks against the system, highlighting the need for proper error handling to prevent data leaks.

Affected Version(s)

Security Identity Manager 6.0.2

Security Identity Manager 7.0.2

References

https://www.ibm.com/support/pages/node/6454587
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6454605
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/200102
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.