Vulnerabilities > CVE-2021-29687 - Information Exposure Through Discrepancy vulnerability in IBM Security Identity Manager 6.0.2

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ibm
CWE-203
NVD
Published: 2021-05-20
Updated: 2021-05-24

Summary

IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018

Vulnerable Configurations

Part Description Count
Application
Ibm
1
OS
Ibm
1
OS
Linux
1
OS
Microsoft
1
OS
Oracle
1

Common Weakness Enumeration (CWE)

References