{"api_version":"1","generated_at":"2026-05-08T21:56:56+00:00","cve":"CVE-2021-20488","urls":{"html":"https://cve.report/CVE-2021-20488","api":"https://cve.report/api/cve/CVE-2021-20488.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-20488","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-20488"},"summary":{"title":"CVE-2021-20488","description":"IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2021-06-16 17:15:00","updated_at":"2022-07-12 17:42:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/197789","name":"ibm-sim-cve202120488-gain-access (197789)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/6464081","name":"https://www.ibm.com/support/pages/node/6464081","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: IBM Security Identity Manager Password Synchronization Plug-in for Windows AD affected by multiple vulnerabilities (CVE-2021-20483, CVE-2021-20488)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-20488","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20488","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"20488","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"aix","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20488","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_identity_manager","cpe6":"6.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20488","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20488","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20488","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"solaris","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"-","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"value":"Gain Access","lang":"eng"}]}]},"data_version":"4.0","data_type":"CVE","CVE_data_meta":{"ID":"CVE-2021-20488","STATE":"PUBLIC","ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2021-06-15T00:00:00"},"references":{"reference_data":[{"name":"https://www.ibm.com/support/pages/node/6464081","url":"https://www.ibm.com/support/pages/node/6464081","refsource":"CONFIRM","title":"IBM Security Bulletin 6464081 (Security Identity Manager)"},{"name":"ibm-sim-cve202120488-gain-access (197789)","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/197789","refsource":"XF","title":"X-Force Vulnerability Report"}]},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Security Identity Manager","version":{"version_data":[{"version_value":"6.0.2"}]}}]},"vendor_name":"IBM"}]}},"impact":{"cvssv3":{"TM":{"E":"U","RL":"O","RC":"C"},"BM":{"AV":"N","C":"H","PR":"L","SCORE":"7.500","UI":"N","A":"H","S":"U","AC":"H","I":"H"}}},"description":{"description_data":[{"lang":"eng","value":"IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789."}]}},"nvd":{"publishedDate":"2021-06-16 17:15:00","lastModifiedDate":"2022-07-12 17:42:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_identity_manager:6.0.2:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"20488","Ordinal":"194532","Title":"CVE-2021-20488","CVE":"CVE-2021-20488","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"20488","Ordinal":"1","NoteData":"IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"20488","Ordinal":"2","NoteData":"2021-06-16","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"20488","Ordinal":"3","NoteData":"2021-06-17","Type":"Other","Title":"Modified"}]}}}