CVE-2020-4427
Critical
IBM Data Risk Manager Security Bypass Vulnerability.
IBM · Data Risk Manager
Exploitability (EPSS)
70%
99th global percentile
Severity (CVSS)
9
CVSS v3.0
Added to KEV
03 Nov. 2021
CISA due date · 03 May 2022
Description
IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system.
Required action (CISA)
Apply updates per vendor instructions.
Prioritization signal (SSVC-inspired)
Review promptly
Exploitation
Active (KEV catalog)
Automatable
Unknown
Technical impact
Total
Guidance, not a decision: the 4th SSVC factor (mission/societal impact) depends on your organization's context.