CVE-2021-29864 — Open Redirect in IBM Security Identity Manager

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 73.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Identity Manager

Timeline

PublishedAug 30

Latest updateAug 31

Description

IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/security_identity_manager6.0.0, 6.0.2+1

▶NVDibm/security_identity_manager6.0.0, 6.0.2+1

🔴Vulnerability Details

GHSA

GHSA-vvc9-r6m4-m5qf: IBM Security Identity Manager 6↗2022-08-31

▶

CVEList

CVE-2021-29864: IBM Security Identity Manager 6↗2022-08-30

▶