Published: 07/05/2020 Updated: 08/05/2020

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 9.1 | Impact Score: 6 | Exploitability Score: 2.3

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated malicious user to execute arbitrary commands on the system. IBM X-Force ID: 180533.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm data risk manager 2.0.1
ibm data risk manager 2.0.2
ibm data risk manager 2.0.3
ibm data risk manager 2.0.4
ibm data risk manager 2.0.5
ibm data risk manager 2.0.6

What did it take for stubborn IBM to fix flaws in its Data Risk Manager security software? Someone dropping zero-days

The Register • Shaun Nichols in San Francisco • 23 Jun 2020

The other kind of DRM strikes: Bod baffled after attempt to raise alarm over vulnerabilities is ignored

IBM is under fire for refusing to patch critical vulnerabilities in its Data Risk Manager product until exploit code was publicly disclosed. In what seems a shortsighted move, when a proactive approach may have been better, Big Blue turned down a privately disclosed report of flaws in its enterprise security software – only to issue fixes after details of the holes emerged online. Three of the four vulnerabilities – CVE-2020-4427, CVE-2020-4428, and CVE-2020-4429 – can be combined to poten...

CVE-2020-4428

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect