CVE-2020-4430

Published: 07/05/2020 Updated: 08/05/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 356
CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated malicious user to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.
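The summary describes the classic shape of a directory-traversal bug: an authenticated user supplies a filename in a URL, the server joins it onto a directory on disk and serves whatever that resolves to. The following is an added example, not code from the Vulmon page and not IBM's implementation; it models that flaw class in a small download resolver and sets the vulnerable pattern beside a hardened one. The report root `/opt/drm/reports`, the function names and every sample request are invented for illustration.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical document root for a report-download endpoint (not IBM's real path).
REPORT_ROOT = "/opt/drm/reports"


class TraversalError(ValueError):
    """Raised when a requested filename would escape the document root."""


def naive_download_path(base_dir: str, requested: str) -> str:
    """Vulnerable pattern: the user-controlled name is joined onto the base
    directory and handed to the file-serving code unchecked. '..' segments
    walk out of base_dir, so '../../../etc/passwd' resolves to /etc/passwd,
    and an absolute name replaces base_dir outright."""
    return posixpath.normpath(posixpath.join(base_dir, unquote(requested)))


def safe_download_path(base_dir: str, requested: str) -> str:
    """Hardened form: decode once, reject NUL bytes and absolute paths,
    canonicalise, then require the result to sit strictly inside base_dir."""
    name = unquote(requested)          # decode exactly once, as the web server does
    if "\x00" in name:
        raise TraversalError("NUL byte in requested name")
    name = name.replace("\\", "/")     # treat backslash as a separator as well
    if posixpath.isabs(name):
        raise TraversalError("absolute path not allowed")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, name))
    # Compare on the directory boundary so /opt/drm/reports2 does not pass as a prefix.
    if not candidate.startswith(base + "/"):
        raise TraversalError(f"{requested!r} resolves outside {base}")
    return candidate


def triage(base_dir: str, requested_names):
    """Run each request through both resolvers. Returns
    {request: (naive_result, 'allowed:<path>' or 'rejected')}."""
    out = {}
    for req in requested_names:
        naive = naive_download_path(base_dir, req)
        try:
            verdict = "allowed:" + safe_download_path(base_dir, req)
        except TraversalError:
            verdict = "rejected"
        out[req] = (naive, verdict)
    return out


# Constructed sample requests; none are taken from a real exploit or log.
SAMPLE_REQUESTS = [
    "q1-2020.pdf",                                  # ordinary file
    "archive/../q1-2020.pdf",                       # '..' that stays inside the root
    "../../../etc/passwd",                          # plain traversal
    "%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd",      # URL-encoded traversal
    "..\\..\\..\\etc\\passwd",                      # backslash variant
    "/etc/passwd",                                  # absolute path
    "%252e%252e%252fetc%252fpasswd",                # double-encoded: a literal filename after one decode
]

if __name__ == "__main__":
    for req, (naive, verdict) in triage(REPORT_ROOT, SAMPLE_REQUESTS).items():
        print(f"{req:45} naive -> {naive:40} hardened -> {verdict}")
```

Two points the sample set is built to show. First, a `..` segment is not by itself the problem; `archive/../q1-2020.pdf` is harmless, and what matters is where the canonical path ends up, which is why the check is on the normalised result rather than on the presence of `..`. Second, the double-encoded request is accepted as a literal filename because the resolver decodes exactly once; a resolver that decodes a second time, or a front-end proxy that decodes before forwarding, would turn it back into a traversal, so the number of decoding passes between the client and the filesystem call has to be pinned down in the real deployment.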

Vulnerable Products

ibm data risk manager 2.0.1

ibm data risk manager 2.0.2

ibm data risk manager 2.0.3

ibm data risk manager 2.0.4

ibm data risk manager 2.0.5

ibm data risk manager 2.0.6

Recent Articles

Patch Tuesday brings bug fixes for OpenSSL, IBM, SAP, Kubernetes, Adobe, and Red Hat. And Microsoft, of course
The Register • Thomas Claburn in San Francisco • 08 Dec 2020

Light load from Redmond as everyone else seeks to bury bad news, sorry, align in update cadence

Patch Tuesday For December's Patch Tuesday bug bonanza, Microsoft handed out fixes for a mere 58 vulnerabilities while various other orgs addressed shortcomings in their own software in separate, parallel announcements. On the one hand, vendors glommed to Microsoft's Patch Tuesday on the pretense that users and system administrators could plan their patching around a regular, monthly cadence. On the other hand, it lets developers emit all their bad news at once and ideally avoid headlines specif...

What did it take for stubborn IBM to fix flaws in its Data Risk Manager security software? Someone dropping zero-days
The Register • Shaun Nichols in San Francisco • 23 Jun 2020

The other kind of DRM strikes: Bod baffled after attempt to raise alarm over vulnerabilities is ignored

IBM is under fire for refusing to patch critical vulnerabilities in its Data Risk Manager product until exploit code was publicly disclosed. In what seems a shortsighted move, when a proactive approach may have been better, Big Blue turned down a privately disclosed report of flaws in its enterprise security software – only to issue fixes after details of the holes emerged online. Three of the four vulnerabilities – CVE-2020-4427, CVE-2020-4428, and CVE-2020-4429 – can be combined to poten...