Data Risk Manager

data_risk_manager

Vendor: Ibm • 18 CVEs

CVEs (18)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-38915 1Ibm 1Data Risk Manager Nov 21, 2024 Oct 12, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.
CVE-2021-38862 1Ibm 1Data Risk Manager Nov 21, 2024 Oct 12, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.
CVE-2020-4622 1Ibm 1Data Risk Manager Nov 21, 2024 Sep 22, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption...Show more IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983.Show less
CVE-2020-4621 1Ibm 1Data Risk Manager Nov 21, 2024 Sep 22, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981.
CVE-2020-4620 1Ibm 1Data Risk Manager Nov 21, 2024 Sep 22, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attack...Show more IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979.Show less
CVE-2020-4619 1Ibm 1Data Risk Manager Nov 21, 2024 Sep 22, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.
CVE-2020-4618 1Ibm 1Data Risk Manager Nov 21, 2024 Sep 22, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. IBM X-Force ID: 184937.
CVE-2020-4617 1Ibm 1Data Risk Manager Nov 21, 2024 Sep 22, 2020 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID:...Show more IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 184930.Show less
CVE-2020-4616 1Ibm 1Data Risk Manager Nov 21, 2024 Sep 22, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929.
CVE-2020-4615 1Ibm 1Data Risk Manager Nov 21, 2024 Sep 22, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to c...Show more IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928.Show less
CVE-2020-4614 1Ibm 1Data Risk Manager Nov 21, 2024 Sep 22, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927.
CVE-2020-4613 1Ibm 1Data Risk Manager Nov 21, 2024 Sep 22, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925.
CVE-2020-4612 1Ibm 1Data Risk Manager Nov 21, 2024 Sep 22, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924.
CVE-2020-4611 1Ibm 1Data Risk Manager Nov 21, 2024 Sep 22, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922.
CVE-2020-4430 1Ibm 1Data Risk Manager Jan 14, 2026 May 7, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files f...Show more IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.Show less
CVE-2020-4429 1Ibm 1Data Risk Manager Nov 3, 2025 May 7, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on...Show more IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.Show less
CVE-2020-4428 1Ibm 1Data Risk Manager Nov 4, 2025 May 7, 2020 N/A· v4 9.1 CRITICAL· v3 9.0 HIGH· v2 IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.
CVE-2020-4427 1Ibm 1Data Risk Manager Nov 4, 2025 May 7, 2020 N/A· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an a...Show more IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.Show less