Vulnerability Details CVE-2020-4430
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.552
EPSS Ranking 97.9%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
Proposed Action
IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system.
Ransomware Campaign
Unknown
References
Products affected by CVE-2020-4430
-
cpe:2.3:a:ibm:data_risk_manager:2.0.1
-
cpe:2.3:a:ibm:data_risk_manager:2.0.1.1
-
cpe:2.3:a:ibm:data_risk_manager:2.0.1.2
-
cpe:2.3:a:ibm:data_risk_manager:2.0.2
-
cpe:2.3:a:ibm:data_risk_manager:2.0.3
-
cpe:2.3:a:ibm:data_risk_manager:2.0.3.1
-
cpe:2.3:a:ibm:data_risk_manager:2.0.3.2
-
cpe:2.3:a:ibm:data_risk_manager:2.0.4