What is CVE-2020-4429?

CVE-2020-4429 is a critical-severity vulnerability in Ibm Data Risk Manager. CVSS score: 10.0/10. Published 2020-05-07.

How severe is CVE-2020-4429?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Is CVE-2020-4429 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ibm Data Risk Manager

CVE-2020-4429

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with ro…

EPSS: 0.907 (99.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.0/S:C/AV:N/A:H/AC:L/PR:N/C:H/I:H/UI:N/RC:C/RL:O/E:U.

Affected products

Ibm Data Risk Manager — versions 2.0.1, 2.0.2, 2.0.3

Public proof-of-concept exploits

References

www.ibm.com/support/pages/node/6206875 (x_refsource_CONFIRM)
ibm-drm-cve20204429-code-exec (180534) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2020-4429?: CVE-2020-4429 is a critical-severity vulnerability in Ibm Data Risk Manager. CVSS score: 10.0/10. Published 2020-05-07.
How severe is CVE-2020-4429?: Critical severity. CVSS v3 base score is 10.0 out of 10.
Is CVE-2020-4429 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.