cvelist/2021/20xxx/CVE-2021-20488.json

{
    "data_format": "MITRE",
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "value": "Gain Access",
                        "lang": "eng"
                    }
                ]
            }
        ]
    },
    "data_version": "4.0",
    "data_type": "CVE",
    "CVE_data_meta": {
        "ID": "CVE-2021-20488",
        "STATE": "PUBLIC",
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2021-06-15T00:00:00"
    },
    "references": {
        "reference_data": [
            {
                "name": "https://www.ibm.com/support/pages/node/6464081",
                "url": "https://www.ibm.com/support/pages/node/6464081",
                "refsource": "CONFIRM",
                "title": "IBM Security Bulletin 6464081 (Security Identity Manager)"
            },
            {
                "name": "ibm-sim-cve202120488-gain-access (197789)",
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197789",
                "refsource": "XF",
                "title": "X-Force Vulnerability Report"
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Security Identity Manager",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "6.0.2"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "IBM"
                }
            ]
        }
    },
    "impact": {
        "cvssv3": {
            "TM": {
                "E": "U",
                "RL": "O",
                "RC": "C"
            },
            "BM": {
                "AV": "N",
                "C": "H",
                "PR": "L",
                "SCORE": "7.500",
                "UI": "N",
                "A": "H",
                "S": "U",
                "AC": "H",
                "I": "H"
            }
        }
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789."
            }
        ]
    }
}
"-Synchronized-Data." 2020-12-17 20:03:02 +00:00			`{`
"-Synchronized-Data." 2021-06-16 17:00:55 +00:00			`"data_format": "MITRE",`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"value": "Gain Access",`
			`"lang": "eng"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"data_version": "4.0",`
			`"data_type": "CVE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2021-20488",`
			`"STATE": "PUBLIC",`
			`"ASSIGNER": "psirt@us.ibm.com",`
			`"DATE_PUBLIC": "2021-06-15T00:00:00"`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://www.ibm.com/support/pages/node/6464081",`
			`"url": "https://www.ibm.com/support/pages/node/6464081",`
			`"refsource": "CONFIRM",`
			`"title": "IBM Security Bulletin 6464081 (Security Identity Manager)"`
			`},`
			`{`
			`"name": "ibm-sim-cve202120488-gain-access (197789)",`
			`"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197789",`
			`"refsource": "XF",`
			`"title": "X-Force Vulnerability Report"`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Security Identity Manager",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "6.0.2"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "IBM"`
			`}`
IBM20210616-12711 Added CVE-2021-20567, CVE-2021-20566, CVE-2021-20483, CVE-2021-20488, CVE-2021-29702 2021-06-16 12:07:11 -04:00			`]`
"-Synchronized-Data." 2021-06-16 17:00:55 +00:00			`}`
			`},`
			`"impact": {`
			`"cvssv3": {`
			`"TM": {`
			`"E": "U",`
			`"RL": "O",`
			`"RC": "C"`
			`},`
			`"BM": {`
			`"AV": "N",`
			`"C": "H",`
			`"PR": "L",`
			`"SCORE": "7.500",`
			`"UI": "N",`
			`"A": "H",`
			`"S": "U",`
			`"AC": "H",`
			`"I": "H"`
			`}`
			`}`
			`},`
			`"description": {`
			`"description_data": [`
"-Synchronized-Data." 2020-12-17 20:03:02 +00:00			`{`
"-Synchronized-Data." 2021-06-16 17:00:55 +00:00			`"lang": "eng",`
"-Synchronized-Data." 2021-06-17 11:00:49 +00:00			`"value": "IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789."`
"-Synchronized-Data." 2020-12-17 20:03:02 +00:00			`}`
"-Synchronized-Data." 2021-06-16 17:00:55 +00:00			`]`
			`}`
			`}`