IBM Data Risk Manager
By the Year
In 2024 there have been 0 vulnerabilities in IBM Data Risk Manager. Data Risk Manager did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 2 | 7.00 |
2020 | 4 | 8.25 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Data Risk Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent IBM Data Risk Manager Security Vulnerabilities
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user
CVE-2021-38915
6.5 - Medium
- October 12, 2021
IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.
Cleartext Storage of Sensitive Information
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms
CVE-2021-38862
7.5 - High
- October 12, 2021
IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.
Inadequate Encryption Strength
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could
CVE-2020-4427
9.8 - Critical
- May 07, 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could
CVE-2020-4428
9.1 - Critical
- May 07, 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.
Shell injection
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account
CVE-2020-4429
9.8 - Critical
- May 07, 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to log in and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.
Use of Hard-coded Credentials
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system
CVE-2020-4430
4.3 - Medium
- May 07, 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.
Directory traversal