⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-4427 — Improper Authentication in IBM Data Risk Manager

CWE-287 — Improper Authentication6 documents6 sources

Severity

9.8CRITICALNVD

EPSS

92.7%

top 0.24%

CISA KEV

KEV

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

IBM Data Risk Manager

Timeline

PublishedMay 7

KEV addedNov 3

KEV dueMay 3

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/data_risk_manager2.0.1 — 2.0.6.1

▶CVEListV5ibm/data_risk_manager6 versions+5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-24c2-gvwg-5p45: IBM Data Risk Manager 2↗2022-05-24

▶

CVEList

CVE-2020-4427: IBM Data Risk Manager 2↗2020-05-07

▶

VulnCheck

IBM Data Risk Manager Security Bypass Vulnerability↗2020

▶

💥Exploits & PoCs

Nuclei

IBM Data Risk Manager - Authentication Bypass via SAML

▶

📋Vendor Advisories

CISA

IBM Data Risk Manager Security Bypass Vulnerability↗2021-11-03

▶