IBM == Insecure Business Machines: No-auth remote root exec exploit in Data Risk Manager drops after Big Blue snubs bug report
IBM has acknowledged that it mishandled a bug report that identified four vulnerabilities in its enterprise security software, and plans to issue an advisory.
IBM Data Risk Manager offers security-focused vulnerability scanning and analytics, to help businesses identify weaknesses in their infrastructure.
Prior to going public, Ribeiro had tried to get CERT/CC to privately coordinate responsible disclosure with IBM, but Big Blue refused to accept the bug report.
The first three vulnerabilities have been confirmed to affect IBM Data Risk Manager 2.0.1 to 2.0.3.
The Register asked IBM whether 2.0.6 is affected but IBM's spokesperson did not respond.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/21/ibm_security_vulnerabilities/