IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/180532 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/6206875 | Patch Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/180532 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/6206875 | Patch Vendor Advisory |
Configurations
History
12 Feb 2025, 19:34
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_risk_manager:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_risk_manager:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_risk_manager:2.0.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_risk_manager:2.0.3:*:*:*:*:*:*:* |
cpe:2.3:a:ibm:data_risk_manager:*:*:*:*:*:*:*:* |
07 Feb 2025, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-287 |
21 Nov 2024, 05:32
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/180532 - VDB Entry, Vendor Advisory | |
| References | () https://www.ibm.com/support/pages/node/6206875 - Patch, Vendor Advisory |
12 Jul 2022, 17:42
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-noinfo |
Information
Published : 2020-05-07 20:15
Updated : 2025-02-12 19:34
NVD link : CVE-2020-4427
Mitre link : CVE-2020-4427
CVE.ORG link : CVE-2020-4427
JSON object : View
Products Affected
ibm
- data_risk_manager
CWE