First published: Wed May 19 2021(Updated: )
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Identity Manager | =6.0.2 | |
IBM Security Identity Manager | =7.0.2 | |
IBM AIX | ||
Linux Linux kernel | ||
Microsoft Windows | ||
Oracle Solaris | ||
<=6.0.2 | ||
<=6.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-29688 is high.
The vulnerability in IBM Security Identity Manager is related to obtaining sensitive information when a detailed technical error message is returned in the browser.
Versions 6.0.2 and 7.0.2 of IBM Security Identity Manager are affected by CVE-2021-29688.
The sensitive information obtained in this vulnerability could be used in further attacks against the system.
No, other operating systems such as AIX, Linux kernel, Microsoft Windows, and Oracle Solaris are not vulnerable to CVE-2021-29688.