Published: 07/05/2020 Updated: 08/05/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm data risk manager 2.0.1
ibm data risk manager 2.0.2
ibm data risk manager 2.0.3
ibm data risk manager 2.0.4
ibm data risk manager 2.0.5
ibm data risk manager 2.0.6

What did it take for stubborn IBM to fix flaws in its Data Risk Manager security software? Someone dropping zero-days

The Register • Shaun Nichols in San Francisco • 23 Jun 2020

The other kind of DRM strikes: Bod baffled after attempt to raise alarm over vulnerabilities is ignored

IBM is under fire for refusing to patch critical vulnerabilities in its Data Risk Manager product until exploit code was publicly disclosed. In what seems a shortsighted move, when a proactive approach may have been better, Big Blue turned down a privately disclosed report of flaws in its enterprise security software – only to issue fixes after details of the holes emerged online. Three of the four vulnerabilities – CVE-2020-4427, CVE-2020-4428, and CVE-2020-4429 – can be combined to poten...

CVE-2020-4429

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect