CVE-2021-20574

Name of the Vulnerable Software and Affected Versions: IBM Security Identity Manager Adapters versions 6.0 through 7.0

Description: The issue allows a remote authenticated attacker to conduct an LDAP injection by using a specially crafted request, potentially leading to account takeover.

Recommendations: For versions 6.0 through 7.0, consider restricting access to the LDAP functionality until a patch is available. As a temporary workaround, avoid using specially crafted requests in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.