Security Bulletin: Vulnerabilities exist in IBM Data Risk Manager (CVE-2020-4427, CVE-2020-4428, CVE-2020-4429, and CVE-2020-4430)

May 28, 2020 - 5:43 a.m.
www.ibm.com

9.8 High (CVSS3)

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High (CVSS2)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

Multiple vulnerabilities were reported to exist in IBM Data Risk Manager (IDRM) V2.0.1 and greater. Two issues were already fixed in V2.0.4.1, and the rest are fixed in V2.0.6.2 and later.

Vulnerability Details

CVEID: CVE-2020-4427
**DESCRIPTION:** IBM Data Risk Manager could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system.
CVSS Base score: 9
CVSS Temporal Score: see https://exchange.xforce.ibmcloud.com/vulnerabilities/180532 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-4428
**DESCRIPTION:** IBM Data Risk Manager could allow a remote authenticated attacker to execute arbitrary commands on the system.
CVSS Base score: 9.1
CVSS Temporal Score: see https://exchange.xforce.ibmcloud.com/vulnerabilities/180533 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-4429
**DESCRIPTION:** IBM Data Risk Manager contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to log in and execute arbitrary code on the system with root privileges.
CVSS Base score: 10
CVSS Temporal Score: see https://exchange.xforce.ibmcloud.com/vulnerabilities/180534 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-4430
**DESCRIPTION:** IBM Data Risk Manager could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request to download arbitrary files from the system.
CVSS Base score: 4.3
CVSS Temporal Score: see https://exchange.xforce.ibmcloud.com/vulnerabilities/180535 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Product | Issue | Versions |
| --- | --- | --- |
| IBM Data Risk Manager | Authentication Bypass | 2.0.6.1 and earlier |
| IBM Data Risk Manager | Command Injection | 2.0.4 and earlier |
| IBM Data Risk Manager | Default Password | 2.0.6.1 and earlier |
| IBM Data Risk Manager | Path Traversal | 2.0.4 and earlier |

Remediation/Fixes

To obtain fixes for all reported issues, customers are advised first to upgrade to v2.0.6, and then to apply the most recent fix packs (2.0.6.2 is not cumulative – it must be applied on top of 2.0.6.1). Existing customers can download version 2.0.6 from IBM Passport Advantage at <https://www.ibm.com/software/passportadvantage/pacustomers.html>.

| Product | VRMF | APAR | Remediation / First Fix |
| --- | --- | --- | --- |
| IBM Data Risk Manager | 2.0.4.1 or earlier | GA17223 | 1. Upgrade to version 2.0.6 (download from Passport Advantage); 2. Apply IDRM_2.0.6.1_Fixpack; 3. Apply DRM_2.0.6.2_Fixpack |
| IBM Data Risk Manager | 2.0.6 | GA17223 | 1. Apply IDRM_2.0.6.1_Fixpack; 2. Apply DRM_2.0.6.2_Fixpack |
| IBM Data Risk Manager | 2.0.6.1 | GA17223 | Apply DRM_2.0.6.2_Fixpack |

Workarounds and Mitigations

The Authentication Bypass issue only exists if SAML authentication is enabled. The issue does not occur when using LDAP authentication, for example. SAML authentication is not enabled by default. Customers can upgrade to the fixed version or disable SAML authentication.

To address the default password issue, customers can upgrade to the fixed version, which requires a password reset on initial login. Alternatively, customers can follow the product documentation and use the **passwd** command to change the default password for the IDRM administrative account.
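For triage across an inventory, the affected-versions table and the remediation table above reduce to a version comparison. The following is an added example (not an IBM tool and not from the bulletin) that encodes exactly those two tables: given an installed VRMF string, which the operator is assumed to have read from the appliance's own administration interface, it lists the CVEs still open and the fix steps the bulletin prescribes. It applies the SAML caveat from the Workarounds section, and it treats any version below 2.0.6 that the remediation table does not list by name (for example a 2.0.5 build, an assumed case) according to the summary's advice to upgrade to 2.0.6 first.

```python
"""Map an installed IBM Data Risk Manager (IDRM) version to the open CVEs
and fix steps from this bulletin. Added example, not an IBM tool. The
installed VRMF string is assumed to be supplied by the caller."""

from typing import List, Tuple

# (issue, CVE, highest affected version) from the bulletin's
# "Affected Products and Versions" table.
AFFECTED = [
    ("Authentication Bypass", "CVE-2020-4427", "2.0.6.1"),
    ("Command Injection",     "CVE-2020-4428", "2.0.4"),
    ("Default Password",      "CVE-2020-4429", "2.0.6.1"),
    ("Path Traversal",        "CVE-2020-4430", "2.0.4"),
]

# Fix pack names exactly as printed in the Remediation/Fixes table.
FIX_2061 = "IDRM_2.0.6.1_Fixpack"
FIX_2062 = "DRM_2.0.6.2_Fixpack"


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.0.6.1' into (2, 0, 6, 1). Missing trailing components are
    padded with 0, so '2.0.4' compares as 2.0.4.0 and sorts below 2.0.4.1,
    which is what 'fixed in 2.0.4.1' requires."""
    parts = tuple(int(p) for p in v.strip().lstrip("vV").split("."))
    return parts + (0,) * (4 - len(parts))


def open_issues(installed: str, saml_enabled: bool = True) -> List[str]:
    """CVEs still open on the installed version: an issue is open when the
    installed version is at or below the highest affected version for it.
    CVE-2020-4427 only applies when SAML authentication is enabled."""
    cur = parse_version(installed)
    result = []
    for _issue, cve, last_affected in AFFECTED:
        if cve == "CVE-2020-4427" and not saml_enabled:
            continue
        if cur <= parse_version(last_affected):
            result.append(cve)
    return result


def remediation_steps(installed: str) -> List[str]:
    """Fix steps from the Remediation/Fixes table, keyed on the installed
    VRMF. 2.0.6.2 is not cumulative, so 2.0.6.1 must be applied first."""
    cur = parse_version(installed)
    steps = []
    if cur < parse_version("2.0.6"):
        steps.append("Upgrade to version 2.0.6 (download from Passport Advantage)")
    if cur < parse_version("2.0.6.1"):
        steps.append(f"Apply {FIX_2061}")
    if cur < parse_version("2.0.6.2"):
        steps.append(f"Apply {FIX_2062}")
    return steps


if __name__ == "__main__":
    # Constructed sample inventory; the SAML flag would come from the
    # appliance's authentication settings.
    for version, saml in [("2.0.4", True), ("2.0.4.1", False),
                          ("2.0.6.1", True), ("2.0.6.2", True)]:
        print(version, "SAML" if saml else "no SAML",
              open_issues(version, saml), remediation_steps(version))
```

The ordering of the fix steps matters because the bulletin states that 2.0.6.2 is not cumulative; the function therefore never emits the 2.0.6.2 step without the 2.0.6.1 step on a version below 2.0.6.1.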
