Skip to main content
CVE-2020-4429 CRITICAL POC PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

RCE IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
9.8
EPSS
71.4%
CVE-2020-4427 CRITICAL POC KEV PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
9.8
EPSS
70.0%
CVE-2020-4428 CRITICAL POC KEV PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Data Risk Manager
NVD
CVSS 3.1
9.1
EPSS
61.7%
CVE-2020-10794 CRITICAL POC Act Now

Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tks Ip Gateway Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-10176 CRITICAL POC Act Now

ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Yale Wipc 301W Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-7646 CRITICAL POC Act Now

curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Curlrequest
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-11052 CRITICAL PATCH Act Now

In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sorcery
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-7805 CRITICAL Act Now

An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Iml500 Firmware Iml520 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-11431 CRITICAL PATCH Act Now

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Clear Reports Helpdesk Pdfc
NVD
CVSS 3.1
9.1
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy