Information Disclosure Vulnerability in IBM Security Identity Manager
CVE-2021-29688
5.3MEDIUM
Summary
IBM Security Identity Manager version 7.0.2 is susceptible to an information disclosure vulnerability that allows remote attackers to access sensitive data. When the application encounters a technical error, it may return detailed error messages that can expose information. This data could aid attackers in executing additional attacks against the system, highlighting the need for proper error handling to prevent data leaks.
Affected Version(s)
Security Identity Manager 6.0.2
Security Identity Manager 7.0.2
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved