75 matches found
IBM Data Risk Manager - Authentication Bypass via SAML
IBM Data Risk Manager versions 2.0.1 through 2.0.6 are vulnerable to authentication bypass when configured with SAML authentication. A remote attacker can bypass security restrictions by sending a specially crafted HTTP request to the SAML idpSelection endpoint, allowing them to bypass the...
EUVD-2020-25866
Malware in sbrugna...
EUVD-2020-25860
Malware in sbrugna...
VulnCheck KEV: CVE-2020-4429
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534...
IBM Data Risk Manager Insecure Default Password (CVE-2020-4429)
Binary data ibmdatariskmanagerCVE-2020-4429.nbin...
IBM Data Risk Manager Web Detection
Binary data ibmdatariskmanagerwebdetect.nbin...
IBM Data Risk Manager Directory Traversal Vulnerability
IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system...
IBM Data Risk Manager Security Bypass Vulnerability
IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication proces...
VulnCheck KEV: CVE-2020-4428
IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system...
IBM Data Risk Manager Encryption Issue Vulnerability
IBM Data Risk Manager is a data risk manager from IBM Corporation of the United States. The product supports discovery, analysis and visualization of business risk data, etc. A security vulnerability exists in IBM Data Risk Manager iDNA 2.0.6, which could be exploited by an attacker to decrypt...
IBM Data Risk Manager User Credentials Plaintext Storage Vulnerability
IBM Data Risk Manager is a data risk manager that helps discover, analyze and visualize business risks associated with data. A user credentials plaintext storage vulnerability exists in IBM Data Risk Manager version 2.0.6. An attacker could exploit the vulnerability to read plaintext credentials...
CVE-2021-38915
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947...
CVE-2021-38862
IBM Data Risk Manager iDNA 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980...
Code injection
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947...
CVE-2021-38915
CVE-2021-38915 affects IBM Data Risk Manager 2.0.6, where user credentials are stored in plain text. The vulnerability is that authenticated users can read plaintext credentials due to insecure storage, as stated in multiple sources. There is no indication of remote code execution or exploit deta...
CVE-2021-38862
IBM Data Risk Manager (iDNA) 2.0.6 is affected by weaker-than-expected cryptographic algorithms that could allow decrypting highly sensitive information. The affected product/version is IBM DRM 2.0.6. Remediation requires upgrading to v2.0.6.8 and then applying FixPack 2.0.6.9 in sequence (not cu...
IBM Data Risk Manager Security Vulnerability
IBM Data Risk Manager is a data risk manager that helps discover, analyze and visualize business risks associated with data. A user credentials plaintext storage vulnerability exists in IBM Data Risk Manager version 2.0.6. An attacker could exploit the vulnerability to read plaintext credentials...