CyberSec.Space Logo
Back to CVE Browser

CVE-2020-4430

Known Exploited (CISA KEV)MEDIUM
4.3
CVSS Severity Score
EPSS Score37.5150%
EPSS Percentile87.76th
PublishedMay 7, 2020
Last ModifiedJan 14, 2026

Vulnerability Description

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.

Affected Platforms (CPE)

πŸ“¦
Ibm

Data Risk Manager

>= 2.0.1 and <= 2.0.4

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/180535
πŸ”— https://www.ibm.com/support/pages/node/6206875
πŸ”— http://seclists.org/fulldisclosure/2024/Nov/0
πŸ”— http://seclists.org/fulldisclosure/2024/Nov/1
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/180535
πŸ”— https://www.ibm.com/support/pages/node/6206875
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-4430

Related Vulnerabilities

CVE-2020-44279.8

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions w...

CVE-2020-44299.8

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account....

CVE-2020-44289.1

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on ...

CVE-2020-46118.8

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. I...