CyberSec.Space Logo
Back to CVE Browser

CVE-2020-4429

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1840%
EPSS Percentile21.14th
PublishedMay 7, 2020
Last ModifiedNov 3, 2025

Vulnerability Description

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.

Affected Platforms (CPE)

πŸ“¦
Ibm

Data Risk Manager

= 2.0.1
πŸ“¦
Ibm

Data Risk Manager

= 2.0.2
πŸ“¦
Ibm

Data Risk Manager

= 2.0.3
πŸ“¦
Ibm

Data Risk Manager

= 2.0.4
πŸ“¦
Ibm

Data Risk Manager

= 2.0.5
πŸ“¦
Ibm

Data Risk Manager

= 2.0.6

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/180534
πŸ”— https://www.ibm.com/support/pages/node/6206875
πŸ”— http://seclists.org/fulldisclosure/2024/Nov/0
πŸ”— http://seclists.org/fulldisclosure/2024/Nov/1
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/180534
πŸ”— https://www.ibm.com/support/pages/node/6206875

Related Vulnerabilities

CVE-2020-44279.8

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions w...

CVE-2020-44289.1

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on ...

CVE-2020-46118.8

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. I...

CVE-2020-46208.8

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper v...