Skip to content

Home Publications IBM 0 - day (April 22, 2020)
IBM 0 - day (April 22, 2020)
Wednesday, 22 April 2020 15:00

IBM Data Risk Manager contains three critical severity vulnerabilities and a high impact bug which can be exploited by an unauthenticated attacker reachable over the network, and when chained together could also lead to remote code execution as root. They include Authentication Bypass, Command Injection, Insecure Default Password, and Arbitrary File Download. Researcher says IBM refused to accept the vulnerability reports.

 
[YOUR IP: 3.233.229.90: 39260] ...   [YOUR BROWSER: CCBot/2.0 (https://commoncrawl.org/faq/)] ...