CVE-2021-29864
https://notcve.org/view.php?id=CVE-2021-29864
IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/206089
• https://www.ibm.com/support/pages/node/6616101
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-20574
https://notcve.org/view.php?id=CVE-2021-20574
IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and take over other accounts. IBM X-Force ID: 199252.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/199252
• https://www.ibm.com/support/pages/node/6465875
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-20573
https://notcve.org/view.php?id=CVE-2021-20573
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the buffer and cause the server to crash. IBM X-Force ID: 199249.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/199249
• https://www.ibm.com/support/pages/node/6465875
• CWE-787: Out-of-bounds Write
CVE-2021-20572
https://notcve.org/view.php?id=CVE-2021-20572
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow the buffer and cause the server to crash. IBM X-Force ID: 199247.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/199247
• https://www.ibm.com/support/pages/node/6465875
• CWE-787: Out-of-bounds Write
CVE-2021-20494
https://notcve.org/view.php?id=CVE-2021-20494
IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. An authenticated user could overflow the buffer and cause the service to crash. IBM X-Force ID: 197882.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/197882
• https://www.ibm.com/support/pages/node/6465875
• CWE-787: Out-of-bounds Write