Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-4429Hard-coded Credentials in IBM Data Risk Manager

CWE-798Hard-coded Credentials5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
90.7%
top 0.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Data Risk Manager
Timeline
PublishedMay 7
Latest updateMay 24

Description

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/data_risk_manager6 versions+5
NVDibm/data_risk_manager6 versions+5

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

3
GHSA
GHSA-5634-wp84-cm8x: IBM Data Risk Manager 22022-05-24
CVEList
CVE-2020-4429: IBM Data Risk Manager 22020-05-07
VulnCheck
IBM data_risk_manager Use of Hard-coded Credentials2020

💥Exploits & PoCs

1
Nuclei
IBM Data Risk Manager - Hardcoded Credentials
CVE-2020-4429 — Hard-coded Credentials in IBM | cvebase