Hard-Coded Credential Vulnerability in IBM Security Identity Manager
CVE-2021-29691

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Security Identity Manager
Vendor: CVE Published:; 20 May 2021

What is CVE-2021-29691?

IBM Security Identity Manager 7.0.2 includes hard-coded credentials that pose significant risks as they are utilized for inbound authentication, outbound communication with external components, and the encryption of internal data. This security flaw may lead to unauthorized access and data breaches, compromising the integrity of the data managed by the system. It is critical for organizations utilizing this product to assess their security posture and mitigate potential risks associated with this vulnerability.

Affected Version(s)

Security Identity Manager 7.0.2

References

https://www.ibm.com/support/pages/node/6454587

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/200252

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2021
Vulnerability Reserved
Mar 31, 2021