First published: Wed May 19 2021(Updated: )
IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Identity Manager | =6.0.2 | |
IBM AIX | ||
Linux Linux kernel | ||
Microsoft Windows | ||
Oracle Solaris | ||
IBM ISIM | <=6.0.2 | |
IBM ISIM | <=6.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-29687 is a vulnerability in IBM Security Identity Manager that allows a remote user to enumerate usernames due to a difference in responses from valid and invalid login attempts.
CVE-2021-29687 has a severity rating of 5.3 (Medium).
CVE-2021-29687 affects IBM Security Identity Manager versions 6.0.0 and 6.0.2.
To mitigate CVE-2021-29687, IBM recommends applying the latest patches and updates for IBM Security Identity Manager.
More information about CVE-2021-29687 can be found on the IBM X-Force Exchange website and in IBM's support documentation.