Skip to main content

Data Risk Manager CVE-2020-4429

CRITICAL
Use of Hard-coded Credentials (CWE-798)
2020-05-07 psirt@us.ibm.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 07, 2020 - 20:15 nvd
CRITICAL 9.8

DescriptionNVD

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.

AnalysisAI

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534. Affected products include: Ibm Data Risk Manager.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

CVE-2020-4427 CRITICAL POC
9.8 May 07

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security rest

CVE-2020-4428 CRITICAL POC
9.1 May 07

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary co

CVE-2020-4621 HIGH
8.8 Sep 22

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due t

CVE-2020-4620 HIGH
8.8 Sep 22

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the

CVE-2020-4611 HIGH
8.8 Sep 22

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for

CVE-2020-4617 HIGH
8.1 Sep 22

IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute

CVE-2021-38862 HIGH
7.5 Oct 12

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to de

CVE-2020-4622 HIGH
7.5 Sep 22

IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it us

CVE-2020-4614 HIGH
7.5 Sep 22

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to de

CVE-2020-4613 HIGH
7.5 Sep 22

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to de

CVE-2021-38915 MEDIUM
6.5 Oct 12

IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. Rate

CVE-2020-4619 MEDIUM
6.5 Sep 22

IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated

Share

CVE-2020-4429 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy