IBM Security IDM 6.0/6.0.2 Remote Open Redirect (CVE-2021-29864)
CVE-2021-29864 Published on August 30, 2022
IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089
Products Associated with CVE-2021-29864
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-29864 are published in IBM Security Identity Manager:
Affected Versions
IBM Security Identity Manager:- Version 6.0.0 is affected.
- Version 6.0.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.