CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2020-4428

CVSS 9.1v3.1pub. 2020-05-07upd. 2025-11-04

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • IBM Data Risk Manager

    APP
    Ibm
    2.0.1 – 2.0.4

CISA KEV — detailsi

Vendori
IBM
Producti
Data Risk Manager
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.�

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 maja 2022
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2020-4427CRITICAL9.8⚠ KEVten sam produkt

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass sec...

CVE-2020-4429CRITICAL9.8ten sam produkt

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM adm...

CVE-2021-38862HIGH7.5ten sam produkt

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an atta...

CVE-2020-4611HIGH8.8ten sam produkt

IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions re...

CVE-2020-4613HIGH7.5ten sam produkt

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an atta...