ID:2588 - Exploit for Command Injection in IBM Data Risk Manager - CVE-2020-4429

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:2588 - Exploit for Command Injection in IBM Data Risk Manager - CVE-2020-4429

ID:2588 - Exploit for Command Injection in IBM Data Risk Manager - CVE-2020-4429

Published: April 22, 2020


Vulnerability identifier: #VU27081
Vulnerability risk: Medium
CVE-ID: CVE-2020-4429
CWE-ID: CWE-77
Exploitation vector: Remote access
Vulnerable software:
IBM Data Risk Manager

Link to public exploit:


Vulnerability description

The vulnerability allows a remote authenticated user to inject and execute arbitrary commands on the system.

The vulnerability exists due to insufficient filtration of user-supplied data within the "/albatross/restAPI/v2/nmap/run/scan" API. A remote authenticated user with ability to upload files can upload and execute arbitrary code on the system.


Remediation

Install updates from vendor's website.