Lucene search

IbmCVELIST:CVE-2021-20488

HistoryJun 15, 2021 - 12:00 a.m.

CVE-2021-20488

2021-06-1500:00:00

ibm

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.

CNA Affected

[
  {
    "product": "Security Identity Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/197789

www.ibm.com/support/pages/node/6464081

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Related for CVELIST:CVE-2021-20488