Skip to main content

Data Risk Manager

18 CVEs product

Monthly

CVE-2021-38915 MEDIUM This Month

IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-38862 HIGH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-4622 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-4621 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-4620 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM Data Risk Manager
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2020-4619 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-4618 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Data Risk Manager
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-4617 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Data Risk Manager
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2020-4616 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-4615 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Data Risk Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4614 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4613 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-4612 MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-4611 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-4430 MEDIUM KEV PATCH THREAT This Month

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Data Risk Manager
NVD
CVSS 3.1
4.3
EPSS
68.5%
CVE-2020-4429 CRITICAL POC PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

RCE IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
9.8
EPSS
71.4%
CVE-2020-4428 CRITICAL POC KEV PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Data Risk Manager
NVD
CVSS 3.1
9.1
EPSS
61.7%
CVE-2020-4427 CRITICAL POC KEV PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Data Risk Manager
NVD
CVSS 3.1
9.8
EPSS
70.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Risk Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Data Risk Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Data Risk Manager
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

IBM Authentication Bypass Data Risk Manager
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Data Risk Manager
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Data Risk Manager
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Data Risk Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Data Risk Manager
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Data Risk Manager
NVD
EPSS 69% CVSS 4.3
MEDIUM KEV PATCH THREAT This Month

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Data Risk Manager
NVD
EPSS 71% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

RCE IBM Authentication Bypass +1
NVD
EPSS 62% CVSS 9.1
CRITICAL POC KEV PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Data Risk Manager
NVD
EPSS 70% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Data Risk Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy