CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2020-4427

CVSS 9.8v3.1pub. 2020-05-07upd. 2025-11-04

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Data Risk Manager

    APP
    Ibm
    2.0.1 – 2.0.6.1

CISA KEV — detailsi

Vendori
IBM
Producti
Data Risk Manager
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 maja 2022
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2020-4428CRITICAL9.1⚠ KEVten sam produkt

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute ar...

CVE-2020-4429CRITICAL9.8ten sam produkt

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM adm...

CVE-2021-38862HIGH7.5ten sam produkt

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an atta...

CVE-2020-4611HIGH8.8ten sam produkt

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions re...

CVE-2020-4613HIGH7.5ten sam produkt

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an atta...