18 matches found
CVE-2020-4427
IBM Data Risk Manager (IDRM) versions 2.0.1–2.0.6 are affected by an authentication bypass when SAML authentication is enabled. A remote attacker can trigger a specially crafted HTTP request to the SAML idpSelection endpoint to bypass authentication and gain full administrative access. Affected r...
CVE-2020-4428
Product and vuln : IBM Data Risk Manager (IDRM) 2.0.1–2.0.4. Issue : remote authenticated attacker can execute arbitrary commands on the system (CVE-2020-4428). Root cause / vector : authenticated access with remote command execution capability (no user interaction required). Impact : full comman...
CVE-2020-4430
CVE-2020-4430 affects IBM Data Risk Manager (IDRM) 2.0.1–2.0.4. A remote authenticated attacker can traverse directories via a specially crafted URL request to download arbitrary files from the system. The related Nessus/Checkpoints indicate multiple vulnerabilities in IDRM 2.0.1–2.0.4, including...
CVE-2020-4429
CVE-2020-4429 affects IBM Data Risk Manager (IDRM) versions 2.0.1–2.0.6. A default password for an IDRM administrative account enables a remote attacker to login and execute arbitrary code with root privileges. Public references confirm the default-password issue and associated high/severe impact...
CVE-2020-4620
CVE-2020-4620 affects IBM Data Risk Manager (iDNA) 2.0.6. The issue arises from improper validation of file extensions, allowing a remote authenticated attacker to upload arbitrary files via a crafted HTTP request. The uploaded file could enable remote code execution on the vulnerable system. The...
CVE-2020-4617
CVE-2020-4617 affects IBM Data Risk Manager (iDNA) 2.0.6. It is a cross-site request forgery vulnerability that could allow an attacker to trick a trusted user into performing unwanted actions on the iDNA web UI. The vulnerability relies on forged requests transmitted from a user the site trusts;...
CVE-2020-4622
CVE-2020-4622 : IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials (password/cryptographic key) used for its own inbound authentication, outbound communication to external components, or encryption of internal data. This could undermine authentication/crypto trust within the produ...
CVE-2020-4615
CVE-2020-4615 (IBM Data Risk Manager 2.0.6) is a cross-site scripting vulnerability in the Web UI that could allow an authenticated user to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. Connected sources corroborate iDNA 2.0.6 as affected and outline a ...
CVE-2021-38862
IBM Data Risk Manager (iDNA) 2.0.6 is affected by weaker-than-expected cryptographic algorithms that could allow decrypting highly sensitive information. The affected product/version is IBM DRM 2.0.6. Remediation requires upgrading to v2.0.6.8 and then applying FixPack 2.0.6.9 in sequence (not cu...
CVE-2020-4621
CVE-2020-4621 affects IBM Data Risk Manager (iDNA) 2.0.6. An authenticated user could escalate privileges to administrator due to insufficient authorization checks. The IBM bulletin corroborates privileged actions and high-impact consequences. Mitigation: upgrade to 2.0.6.4 and apply subsequent f...
CVE-2020-4611
IBM Data Risk Manager (iDNA) 2.0.6 is reported to allow an authenticated user to bypass security and perform actions reserved for admins. The entry notes this as a vulnerability in the product, with IBM’s remediation path recommending upgrading to v2.0.6.4 and then applying subsequent fixpacks (2...
CVE-2020-4612
CVE-2020-4612 affects IBM Data Risk Manager (iDNA) 2.0.6. An authenticated user can obtain sensitive information via a specially crafted HTTP request. Connected documentation confirms the issue and prescribes a remediation path: upgrade to DRM 2.0.6.4 first, then apply fixpacks 2.0.6.5 and 2.0.6....
CVE-2020-4616
CVE-2020-4616 affects IBM Data Risk Manager (iDNA) 2.0.6. A specially crafted HTTP request could disclose sensitive username information (confidentiality impact: PARTIAL). IBM X-Force entry shows multiple related scores (CVSSv2 5.0; CVSSv3.1 5.3) and related risk context. Remediation provided in ...
CVE-2020-4618
CVE-2020-4618 affects IBM Data Risk Manager (iDNA) 2.0.6, where a privileged user could cause a denial of service due to improper input validation in the application. The impact is a DoS within iDNA as described in the entry. Remediation provided in the document recommends upgrading to v2.0.6.4 f...
CVE-2021-38915
CVE-2021-38915 affects IBM Data Risk Manager 2.0.6, where user credentials are stored in plain text. The vulnerability is that authenticated users can read plaintext credentials due to insecure storage, as stated in multiple sources. There is no indication of remote code execution or exploit deta...
CVE-2020-4613
CVE-2020-4613 affects IBM Data Risk Manager (iDNA) 2.0.6, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The issue is tracked under iDNA remediation pages and IBM X-Force entries. Mitigation and Fix: upgrade to DRM 2.0.6.4 firs...
CVE-2020-4619
CVE-2020-4619 concerns IBM Data Risk Manager (iDNA) 2.0.6, where user credentials are stored in plaintext and readable by an authenticated user. The IBM security page confirms multiple related entries and details the impact as credential exposure and improper storage on the server side. Practical...
CVE-2020-4614
CVE-2020-4614 affects IBM Data Risk Manager (iDNA) 2.0.6. The issue is weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Remediation is to upgrade to v2.0.6.4 and then apply subsequent fixpacks (2.0.6.5, 2.0.6.6) in order, as detailed in ...