Vulnerabilities > IBM > Data Risk Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-22 | CVE-2020-4614 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Data Risk Manager IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. | 5.0 |
| 2020-09-22 | CVE-2020-4613 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Data Risk Manager IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2020-09-22 | CVE-2020-4612 | Information Exposure vulnerability in IBM Data Risk Manager IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. | 4.0 |
| 2020-09-22 | CVE-2020-4611 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Data Risk Manager IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. | 6.5 |
| 2020-05-07 | CVE-2020-4430 | Path Traversal vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. | 4.0 |
| 2020-05-07 | CVE-2020-4429 | Use of Hard-coded Credentials vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. | 10.0 |
| 2020-05-07 | CVE-2020-4428 | OS Command Injection vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 9.0 |
| 2020-05-07 | CVE-2020-4427 | Unspecified vulnerability in IBM Data Risk Manager IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. | 9.0 |