CVE-2020-4430

Summary

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.

Affected Software

VendorProductVersion RangeStatus
IBMData Risk Manager2.0.1affected
IBMData Risk Manager2.0.2affected
IBMData Risk Manager2.0.3affected
IBMData Risk Manager2.0.4affected
IBMData Risk Manager2.0.5affected
IBMData Risk Manager2.0.6affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: partial

Additional References

References