First published: Tue Apr 21 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contain a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to log in and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Data Risk Manager | =2.0.1 | |
IBM Data Risk Manager | =2.0.2 | |
IBM Data Risk Manager | =2.0.3 | |
IBM Data Risk Manager | =2.0.4 | |
IBM Data Risk Manager | =2.0.5 | |
IBM Data Risk Manager | =2.0.6 | |
The vulnerability ID for this IBM Data Risk Manager issue is CVE-2020-4429.
The severity level of CVE-2020-4429 is critical.
CVE-2020-4429 allows a remote attacker to log in and execute arbitrary code on the system with root privileges in IBM Data Risk Manager.
Versions 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 of IBM Data Risk Manager are affected by CVE-2020-4429.
To mitigate the vulnerability CVE-2020-4429 in IBM Data Risk Manager, update to a patched version that does not have the default password for the IDRM administrative account.