PT-2021-4692 · Ibm · Ibm Security Identity Manager

Maciej Grabiec

Published

2021-06-15

Updated

2021-06-21

CVE-2021-20483

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Security Identity Manager version 6.0.2

Description The issue is related to insufficient validation of incoming requests, which could allow a remote authenticated attacker to obtain sensitive data by sending specially crafted requests. This can lead to unauthorized access to protected information.

Recommendations For IBM Security Identity Manager version 6.0.2, consider restricting access to sensitive data and validating all incoming requests to minimize the risk of exploitation. As a temporary workaround, restrict the use of the affected functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918CWE-668

Related Identifiers

BDU:2021-05389

BDU:2021-05403

CVE-2021-20483

Affected Products

Ibm Security Identity Manager

PT-2021-4692 · Ibm · Ibm Security Identity Manager

CVE-2021-20483

Weakness Enumeration

Related Identifiers

Affected Products

References · 7