CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-4620

HIGH
8.8
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile34.45th
Published2020年9月22日
Last Modified2024年11月21日

Vulnerability Description

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979.

Affected Platforms (CPE)

📦
Ibm

Data Risk Manager

< 2.0.6.4

References & Advisories

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/184979
🔗 https://www.ibm.com/support/pages/node/6335281
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/184979
🔗 https://www.ibm.com/support/pages/node/6335281

関連する脆弱性情報

CVE-2020-44279.8

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions w...

CVE-2020-44299.8

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account....

CVE-2020-44289.1

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on ...

CVE-2020-46118.8

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. I...