6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
IBM Security Identity Manager (ISIM) is a suite of identity management and governance solutions from IBM of America. The solution automates the creation, modification, re-authentication and termination of user privileges throughout the user lifecycle and supports policy-based password management. IBM Security Identity Manager versions 6.0.0 and 6.0.2 contain an open redirection vulnerability that stems from the system’s failure to reasonably handle target hops, which can be exploited by an attacker to An attacker could exploit the vulnerability to redirect users to a malicious website that appears to be trusted.
CPE | Name | Operator | Version |
---|---|---|---|
ibm ibm security identity manager | eq | 6.0.0 | |
ibm security identity manager | eq | 6.0.2 |