Hard-Coded Credentials in IBM Data Risk Manager Product
CVE-2020-4622

5.9MEDIUM

Key Information:

Vendor
IBM
Status
Data Risk Manager
Vendor
CVE Published:
22 September 2020

Summary

IBM Data Risk Manager (iDNA) version 2.0.6 is vulnerable due to the presence of hard-coded credentials, including a password or cryptographic key. These credentials are used for inbound authentication and may facilitate unauthorized access or lead to exposure of sensitive data. The vulnerability poses significant security risks, as it could allow attackers to exploit the system’s authentication mechanisms and access internal data. It is crucial for users of this version to review their security posture and take corrective measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Data Risk Manager 2.0.6

References

https://www.ibm.com/support/pages/node/6335281
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/184983
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.