IBM == Insecure Business Machines: No-auth remote root exec exploit in Data Risk Manager drops after Big Blue snubs bug report

IBM == Insecure Business Machines: No-auth remote root exec exploit in Data Risk Manager drops after Big Blue snubs bug report

2020-04-21 19:04

IBM has acknowledged that it mishandled a bug report that identified four vulnerabilities in its enterprise security software, and plans to issue an advisory.

IBM Data Risk Manager offers security-focused vulnerability scanning and analytics, to help businesses identify weaknesses in their infrastructure.

Prior to going public, Ribeiro had tried to get CC/CERT to privately coordinate responsible disclosure with IBM, but Big Blue refused to accept the bug report.

The first three have been confirmed to affect IBM Data Risk Manager 2.0.1 to 2.0.3.

The Register asked IBM whether 2.0.6 is affected but IBM's spokesperson did not respond.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/04/21/ibm_security_vulnerabilities/

#bigblue #exploit #IBM #report #root

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
IBM		1267	1494	3787	867	471	6619

News URL

Related news

Related vendor