CyberSec.Space Logo
Back to CVE Browser

CVE-2020-4427

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score81.9860%
EPSS Percentile89.57th
PublishedMay 7, 2020
Last ModifiedNov 4, 2025

Vulnerability Description

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.

Affected Platforms (CPE)

πŸ“¦
Ibm

Data Risk Manager

>= 2.0.1 and <= 2.0.6.1

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/180532
πŸ”— https://www.ibm.com/support/pages/node/6206875
πŸ”— http://seclists.org/fulldisclosure/2024/Nov/0
πŸ”— http://seclists.org/fulldisclosure/2024/Nov/1
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/180532
πŸ”— https://www.ibm.com/support/pages/node/6206875
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-4427

Related Vulnerabilities

CVE-2020-44299.8

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account....

CVE-2020-44289.1

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on ...

CVE-2020-46118.8

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. I...

CVE-2020-46208.8

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper v...