First published: Mon Aug 29 2022
IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM ISIM | <=6.0.0 | |
IBM ISIM | <=6.0.2 | |
IBM Security Identity Manager | =6.0.0 | |
IBM Security Identity Manager | =6.0.2 | |
The vulnerability ID for this IBM Security Identity Manager vulnerability is CVE-2021-29864.
CVE-2021-29864 has a severity value of 6.8, which is classified as medium.
CVE-2021-29864 affects IBM Security Identity Manager versions 6.0.0 to 6.0.2, inclusive.
A remote attacker can exploit CVE-2021-29864 by conducting phishing attacks using an open redirect attack.
References for CVE-2021-29864: [Reference 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/206089), [Reference 2](https://www.ibm.com/support/pages/node/6616101).