IBM Data Risk Manager (IDRM)

A security researcher today publicly disclosed technical details and proof-of-concept code for four unpatched zero-day vulnerabilities in an enterprise security product sold by IBM, after the company declined to accept the responsibly submitted report.

The affected product is IBM Data Risk Manager (IDRM), a premium offering designed to analyze an organization's sensitive business information assets and determine the risks associated with them.

According to Pedro Ribeiro of Agile Information Security, IBM Data Risk Manager contains three critical-severity vulnerabilities and one high-severity bug, listed below. All four can be exploited by a remote, unauthenticated attacker who can reach the appliance over the network, and when chained together they lead to remote code execution as root.

  • Authentication Bypass
  • Command Injection
  • Insecure Default Password
  • Arbitrary File Download

Ribeiro successfully tested the flaws against IBM Data Risk Manager versions 2.0.1 through 2.0.3. That is not the latest release, but he believes the bugs also affect 2.0.4 through the newest version, 2.0.6, because "there is no mention of fixed vulnerabilities in any change log."

“IDRM is an enterprise security…

http://feedproxy.google.com/~r/TheHackersNews/~3/CDlsclFLdbg/ibm-data-risk-manager-vulnerabilities.html
