Multiple vulnerabilities in IBM Data Risk Manager
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-4428 CVE-2020-4429 |
| CWE-ID | CWE-287 CWE-521 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
IBM Data Risk Manager Web applications / Other software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
Updated: 05.05.2020
Assigned CVE-IDs.
1) Improper Authentication
EUVDB-ID: #VU27084
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2020-4428
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to sensitive information exposure at the "/albatross/saml/idpSelection" API endpoint that provides unauthenticated users with a valid session identifier. A remote non-authenticated attacker can obtain session identifier, bypass authentication process and gain unauthorized access to the application.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsIBM Data Risk Manager: 2.0.1 - 2.0.4
External linkshttp://seclists.org/fulldisclosure/2020/Apr/33
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Weak password requirements
EUVDB-ID: #VU27085
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2020-4429
CWE-ID:
CWE-521 - Weak Password Requirements
Exploit availability: Yes
DescriptionThe vulnerability allows an attacker to gain unauthorized access to the application.
The vulnerability exists due to application is using default credentials of "a3user:idrm" for user with access to SSH and sudo commands and does not require obligatory password change for this account upon first login.A remote attacker can abuse this account to gain unauthorized access to the application.
Note, despite the case being described in the IBM documentation this is a security vulnerability that should be addresses by forcing users to change default passwords rather than writing about it in manuals.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsIBM Data Risk Manager: 2.0.1 - 2.0.6
External linkshttp://seclists.org/fulldisclosure/2020/Apr/33
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
