Lucene search
K
IbmData Risk Manager

18 matches found

CVE
CVE
added 2020/05/07 7:20 p.m.1124 views

CVE-2020-4427

IBM Data Risk Manager (IDRM) versions 2.0.1–2.0.6 are affected by an authentication bypass when SAML authentication is enabled. A remote attacker can trigger a specially crafted HTTP request to the SAML idpSelection endpoint to bypass authentication and gain full administrative access. Affected r...

9.8CVSS9.2AI score0.70031EPSS
In wild
CVE
CVE
added 2020/05/07 7:20 p.m.1121 views

CVE-2020-4428

Product and vuln : IBM Data Risk Manager (IDRM) 2.0.1–2.0.4. Issue : remote authenticated attacker can execute arbitrary commands on the system (CVE-2020-4428). Root cause / vector : authenticated access with remote command execution capability (no user interaction required). Impact : full comman...

9.1CVSS9AI score0.61692EPSS
In wild
CVE
CVE
added 2020/05/07 7:20 p.m.1053 views

CVE-2020-4430

CVE-2020-4430 affects IBM Data Risk Manager (IDRM) 2.0.1–2.0.4. A remote authenticated attacker can traverse directories via a specially crafted URL request to download arbitrary files from the system. The related Nessus/Checkpoints indicate multiple vulnerabilities in IDRM 2.0.1–2.0.4, including...

4.3CVSS6.2AI score0.68544EPSS
In wild
CVE
CVE
added 2020/05/07 7:20 p.m.307 views

CVE-2020-4429

CVE-2020-4429 affects IBM Data Risk Manager (IDRM) versions 2.0.1–2.0.6. A default password for an IDRM administrative account enables a remote attacker to login and execute arbitrary code with root privileges. Public references confirm the default-password issue and associated high/severe impact...

10CVSS9.3AI score0.71363EPSS
In wild
CVE
CVE
added 2020/09/22 1:55 p.m.59 views

CVE-2020-4620

CVE-2020-4620 affects IBM Data Risk Manager (iDNA) 2.0.6. The issue arises from improper validation of file extensions, allowing a remote authenticated attacker to upload arbitrary files via a crafted HTTP request. The uploaded file could enable remote code execution on the vulnerable system. The...

9CVSS8.8AI score0.05187EPSS
CVE
CVE
added 2020/09/22 1:55 p.m.55 views

CVE-2020-4617

CVE-2020-4617 affects IBM Data Risk Manager (iDNA) 2.0.6. It is a cross-site request forgery vulnerability that could allow an attacker to trick a trusted user into performing unwanted actions on the iDNA web UI. The vulnerability relies on forged requests transmitted from a user the site trusts;...

8.1CVSS8.2AI score0.00553EPSS
CVE
CVE
added 2020/09/22 1:55 p.m.52 views

CVE-2020-4622

CVE-2020-4622 : IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials (password/cryptographic key) used for its own inbound authentication, outbound communication to external components, or encryption of internal data. This could undermine authentication/crypto trust within the produ...

7.5CVSS7.8AI score0.01179EPSS
CVE
CVE
added 2020/09/22 1:55 p.m.49 views

CVE-2020-4615

CVE-2020-4615 (IBM Data Risk Manager 2.0.6) is a cross-site scripting vulnerability in the Web UI that could allow an authenticated user to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. Connected sources corroborate iDNA 2.0.6 as affected and outline a ...

5.4CVSS5.6AI score0.00673EPSS
CVE
CVE
added 2021/10/12 6:55 p.m.48 views

CVE-2021-38862

IBM Data Risk Manager (iDNA) 2.0.6 is affected by weaker-than-expected cryptographic algorithms that could allow decrypting highly sensitive information. The affected product/version is IBM DRM 2.0.6. Remediation requires upgrading to v2.0.6.8 and then applying FixPack 2.0.6.9 in sequence (not cu...

7.5CVSS7.3AI score0.00665EPSS
CVE
CVE
added 2020/09/22 1:55 p.m.47 views

CVE-2020-4621

CVE-2020-4621 affects IBM Data Risk Manager (iDNA) 2.0.6. An authenticated user could escalate privileges to administrator due to insufficient authorization checks. The IBM bulletin corroborates privileged actions and high-impact consequences. Mitigation: upgrade to 2.0.6.4 and apply subsequent f...

8.8CVSS8.6AI score0.01346EPSS
CVE
CVE
added 2020/09/22 1:55 p.m.46 views

CVE-2020-4611

IBM Data Risk Manager (iDNA) 2.0.6 is reported to allow an authenticated user to bypass security and perform actions reserved for admins. The entry notes this as a vulnerability in the product, with IBM’s remediation path recommending upgrading to v2.0.6.4 and then applying subsequent fixpacks (2...

8.8CVSS8.7AI score0.01631EPSS
CVE
CVE
added 2020/09/22 1:55 p.m.45 views

CVE-2020-4612

CVE-2020-4612 affects IBM Data Risk Manager (iDNA) 2.0.6. An authenticated user can obtain sensitive information via a specially crafted HTTP request. Connected documentation confirms the issue and prescribes a remediation path: upgrade to DRM 2.0.6.4 first, then apply fixpacks 2.0.6.5 and 2.0.6....

6.5CVSS6.5AI score0.01332EPSS
CVE
CVE
added 2020/09/22 1:55 p.m.43 views

CVE-2020-4616

CVE-2020-4616 affects IBM Data Risk Manager (iDNA) 2.0.6. A specially crafted HTTP request could disclose sensitive username information (confidentiality impact: PARTIAL). IBM X-Force entry shows multiple related scores (CVSSv2 5.0; CVSSv3.1 5.3) and related risk context. Remediation provided in ...

5.3CVSS5.8AI score0.01704EPSS
CVE
CVE
added 2020/09/22 1:55 p.m.42 views

CVE-2020-4618

CVE-2020-4618 affects IBM Data Risk Manager (iDNA) 2.0.6, where a privileged user could cause a denial of service due to improper input validation in the application. The impact is a DoS within iDNA as described in the entry. Remediation provided in the document recommends upgrading to v2.0.6.4 f...

5.5CVSS5.7AI score0.01102EPSS
CVE
CVE
added 2021/10/12 6:55 p.m.42 views

CVE-2021-38915

CVE-2021-38915 affects IBM Data Risk Manager 2.0.6, where user credentials are stored in plain text. The vulnerability is that authenticated users can read plaintext credentials due to insecure storage, as stated in multiple sources. There is no indication of remote code execution or exploit deta...

6.5CVSS6.2AI score0.0049EPSS
CVE
CVE
added 2020/09/22 1:55 p.m.41 views

CVE-2020-4613

CVE-2020-4613 affects IBM Data Risk Manager (iDNA) 2.0.6, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The issue is tracked under iDNA remediation pages and IBM X-Force entries. Mitigation and Fix: upgrade to DRM 2.0.6.4 firs...

7.5CVSS7.6AI score0.00943EPSS
CVE
CVE
added 2020/09/22 1:55 p.m.40 views

CVE-2020-4619

CVE-2020-4619 concerns IBM Data Risk Manager (iDNA) 2.0.6, where user credentials are stored in plaintext and readable by an authenticated user. The IBM security page confirms multiple related entries and details the impact as credential exposure and improper storage on the server side. Practical...

6.5CVSS6.6AI score0.00706EPSS
CVE
CVE
added 2020/09/22 1:55 p.m.39 views

CVE-2020-4614

CVE-2020-4614 affects IBM Data Risk Manager (iDNA) 2.0.6. The issue is weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Remediation is to upgrade to v2.0.6.4 and then apply subsequent fixpacks (2.0.6.5, 2.0.6.6) in order, as detailed in ...

7.5CVSS7.6AI score0.00808EPSS