Privilege Escalation in IBM Data Risk Manager by Insufficient Authorization Checks
CVE-2020-4621

8.8HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
22 September 2020

Summary

IBM Data Risk Manager (iDNA) version 2.0.6 is vulnerable to a privilege escalation issue due to insufficient authorization checks. An authenticated user could potentially exploit this flaw to gain elevated privileges, enabling unauthorized access to administrative functionalities. This vulnerability highlights the critical need for robust authorization mechanisms to prevent unauthorized privilege elevation, ensuring system integrity and security.

Affected Version(s)

Data Risk Manager 2.0.6

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.