Multiple vulnerabilities in IBM Data Risk Manager

Published: 2020-04-22 | Updated: 2020-05-05

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2020-4429 CVE-2020-4427
CWE-ID	CWE-77 CWE-22
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available. Vulnerability #2 is being exploited in the wild.
Vulnerable software Subscribe	IBM Data Risk Manager Web applications / Other software
Vendor	IBM Corporation

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

Updated: 05.05.2020

Assigned CVE-IDs.

1) Command Injection

EUVDB-ID: #VU27081

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-4429

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated user to inject and execute arbitrary commands on the system.

The vulnerability exists due to insufficient filtration of user-supplied data within the "/albatross/restAPI/v2/nmap/run/scan" API. A remote authenticated user with ability to upload files can upload and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IBM Data Risk Manager: 2.0.1 - 2.0.3

External links

http://www.ibm.com/support/pages/node/6195705
http://seclists.org/fulldisclosure/2020/Apr/33

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Path traversal

EUVDB-ID: #VU27082

Risk: Low

CVSSv3.1: 2.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-4427

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')