Lucene search
+L

7 matches found

Nuclei
Nuclei
added 2 days ago17 views

IBM Data Risk Manager - Authentication Bypass via SAML

IBM Data Risk Manager versions 2.0.1 through 2.0.6 are vulnerable to authentication bypass when configured with SAML authentication. A remote attacker can bypass security restrictions by sending a specially crafted HTTP request to the SAML idpSelection endpoint, allowing them to bypass the...

9.8CVSS7.1AI score0.70031EPSS
Exploits8References4
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.359 views

IBM Data Risk Manager Arbitrary File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM Data Risk Manager Arbitrary File Download', 'Description' = %q IBM Data Risk Manager IDRM contains two vulnerabilities that can be chained by...

10CVSS6.9AI score0.71363EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2023/09/14 12:0 a.m.38 views

IBM Data Risk Manager 2.0.1 <= 2.0.6.1 Multiple Vulnerabilities (6206875)

The version of IBM Data Risk Manager installed on the remote host is between 2.0.1 and 2.0.6.1. It is, therefore, affected by multiple vulnerabilities: - IBM Data Risk Manager could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a...

10CVSS9AI score0.71363EPSS
Exploits10References5
Check Point Advisories
Check Point Advisories
added 2022/01/16 12:0 a.m.29 views

IBM Data Risk Manager Authentication Bypass (CVE-2020-4427)

An authentication bypass vulnerability exists in IBM Data Risk Manager. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

9CVSS6.1AI score0.70031EPSS
Exploits8
CVE
CVE
added 2020/05/07 7:20 p.m.1127 views

CVE-2020-4427

IBM Data Risk Manager (IDRM) versions 2.0.1–2.0.6 are affected by an authentication bypass when SAML authentication is enabled. A remote attacker can trigger a specially crafted HTTP request to the SAML idpSelection endpoint to bypass authentication and gain full administrative access. Affected r...

9.8CVSS9.2AI score0.70031EPSS
In wildExploits8References5Affected Software1
Circl
Circl
added 2020/05/05 5:17 p.m.26 views

CVE-2020-4427

creationtimestamp| type| source ---|---|--- 2020-05-05 17:17:40+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/ibmdrmdownload.rb 2020-05-05 17:17:40+00:00| seen|...

9.8CVSS7AI score0.70031EPSS
In wildExploits8References10
ATTACKERKB
ATTACKERKB
added 2020/04/21 12:0 a.m.101 views

CVE-2020-4427

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process...

10CVSS9.7AI score0.71363EPSS
In wildExploits10References3
Rows per page
Query Builder