IBM == Insecure Business Machines: No-auth remote root exec exploit in Data Risk Manager drops after Big Blue snubs bug report
2020-04-21 19:04

IBM has acknowledged that it mishandled a bug report that identified four vulnerabilities in its enterprise security software, and plans to issue an advisory.

IBM Data Risk Manager offers security-focused vulnerability scanning and analytics, to help businesses identify weaknesses in their infrastructure.

Prior to going public, Ribeiro had tried to get CC/CERT to privately coordinate responsible disclosure with IBM, but Big Blue refused to accept the bug report.

The first three have been confirmed to affect IBM Data Risk Manager 2.0.1 to 2.0.3.

The Register asked IBM whether 2.0.6 is affected but IBM's spokesperson did not respond.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/21/ibm_security_vulnerabilities/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
IBM 736 216 2774 1264 248 4502