IBM Data Risk Manager 2.0.1 Use of Hard-coded Credentials Vulnerability

Summary

IBM Data Risk Manager contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to log in and execute arbitrary code on the system with root privileges.

Credit:

The information has been provided by Pedro Ribeiro.

The original article can be found at: https://www.ibm.com/support/pages/node/6206875


Details

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contain a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to log in and execute arbitrary code on the system with root privileges.

Vulnerable Systems:

IBM Data Risk Manager 2.0.1

IBM Data Risk Manager 2.0.2

IBM Data Risk Manager 2.0.3

IBM Data Risk Manager 2.0.4

IBM Data Risk Manager 2.0.5

IBM Data Risk Manager 2.0.6

CVE Information:

CVE-2020-4429

Disclosure Timeline:
Published Date: 5/7/2020
