Vulnerability Details : CVE-2020-4429
Public exploit exists!
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.
Vulnerability category: Execute code
Products affected by CVE-2020-4429
- cpe:2.3:a:ibm:data_risk_manager:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:data_risk_manager:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:data_risk_manager:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:data_risk_manager:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:data_risk_manager:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-4429
5.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2020-4429
-
IBM Data Risk Manager a3user Default Password
Disclosure Date: 2020-04-21First seen: 2020-05-14exploit/linux/ssh/ibm_drm_a3userThis module abuses a known default password in IBM Data Risk Manager. The 'a3user' has the default password 'idrm' and allows an attacker to log in to the virtual appliance via SSH. This can be escalate to full root access, as 'a3user' has sudo access with the default -
IBM Data Risk Manager Arbitrary File Download
Disclosure Date: 2020-04-21First seen: 2020-05-14auxiliary/admin/http/ibm_drm_downloadIBM Data Risk Manager (IDRM) contains two vulnerabilities that can be chained by an unauthenticated attacker to download arbitrary files off the system. The first is an unauthenticated bypass, followed by a path traversal. This module exploits both vulnerabil -
IBM Data Risk Manager Unauthenticated Remote Code Execution
Disclosure Date: 2020-04-21First seen: 2020-05-14exploit/linux/http/ibm_drm_rceIBM Data Risk Manager (IDRM) contains three vulnerabilities that can be chained by an unauthenticated attacker to achieve remote code execution as root. The first is an unauthenticated bypass, followed by a command injection as the server user, and finally ab
CVSS scores for CVE-2020-4429
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
10.0
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
3.9
|
6.0
|
IBM Corporation | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2020-4429
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-4429
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/180534
IBM Data Risk Manager code execution CVE-2020-4429 Vulnerability ReportVDB Entry
-
https://www.ibm.com/support/pages/node/6206875
Security Bulletin: Vulnerabilities exist in IBM Data Risk Manager (CVE-2020-4427, CVE-2020-4428, CVE-2020-4429, and CVE-2020-4430)Patch;Vendor Advisory
Jump to