Vulnerabilities > IBM > Data Risk Manager > 2.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-22 | CVE-2020-4612 | Information Exposure vulnerability in IBM Data Risk Manager IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. | 4.0 |
2020-09-22 | CVE-2020-4611 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Data Risk Manager IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. | 6.5 |
2020-05-07 | CVE-2020-4430 | Path Traversal vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. | 4.0 |
2020-05-07 | CVE-2020-4429 | Use of Hard-coded Credentials vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. | 10.0 |
2020-05-07 | CVE-2020-4428 | OS Command Injection vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 9.0 |
2020-05-07 | CVE-2020-4427 | Unspecified vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. | 9.0 |