Privilege Escalation in IBM Data Risk Manager by Insufficient Authorization Checks
CVE-2020-4621
8.8HIGH
Summary
IBM Data Risk Manager (iDNA) version 2.0.6 is vulnerable to a privilege escalation issue due to insufficient authorization checks. An authenticated user could potentially exploit this flaw to gain elevated privileges, enabling unauthorized access to administrative functionalities. This vulnerability highlights the critical need for robust authorization mechanisms to prevent unauthorized privilege elevation, ensuring system integrity and security.
Affected Version(s)
Data Risk Manager 2.0.6
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved