PT-2018-4278 · Ibm · Ibm Security Identity Manager+1

Published

2018-04-20

·

Updated

2018-05-22

·

CVE-2014-6109

CVSS v2.0

3.5

Low

VectorAV:N/AC:M/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions IBM Tivoli Identity Manager versions 5.1.x through 5.1.0.15-ISS-TIM-IF0057 Security Identity Manager versions 6.0.x through 6.0.0.4-ISS-SIM-IF0001 Security Identity Manager versions 7.0.x through 7.0.0.0-ISS-SIM-IF0003
Description The issue allows remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server-side LDAP queries.
Recommendations For IBM Tivoli Identity Manager versions 5.1.x through 5.1.0.15-ISS-TIM-IF0057, update to version 5.1.0.15-ISS-TIM-IF0057 or later. For Security Identity Manager versions 6.0.x through 6.0.0.4-ISS-SIM-IF0001, update to version 6.0.0.4-ISS-SIM-IF0001 or later. For Security Identity Manager versions 7.0.x through 7.0.0.0-ISS-SIM-IF0003, update to version 7.0.0.0-ISS-SIM-IF0003 or later.

Fix

Information Disclosure

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-284

Related Identifiers

CVE-2014-6109

Affected Products

Ibm Tivoli Identity Manager
Ibm Security Identity Manager