Main Vulnerability Database Exploits ID:2590 - Exploit for Improper Authentication in IBM Data Risk Manager - CVE-2020-4428

ID:2590 - Exploit for Improper Authentication in IBM Data Risk Manager - CVE-2020-4428

Published: April 22, 2020

Vulnerability identifier: #VU27084

Vulnerability risk: High

CVE-ID: CVE-2020-4428

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
IBM Data Risk Manager

Link to public exploit:

https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to sensitive information exposure at the "/albatross/saml/idpSelection" API endpoint that provides unauthenticated users with a valid session identifier. A remote non-authenticated attacker can obtain session identifier, bypass authentication process and gain unauthorized access to the application.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:2590 - Exploit for Improper Authentication in IBM Data Risk Manager - CVE-2020-4428

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human