CVE-2020-4429 PoC — IBM Data Risk Manager 信任管理问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2020/CVE-2020-4429.yaml

Associated Vulnerability

Title:IBM Data Risk Manager 信任管理问题漏洞 (CVE-2020-4429)
Description:IBM Data Risk Manager是美国IBM公司的一款数据风险管理器。该产品支持发现、分析和可视化业务风险数据等。 IBM Data Risk Manager中存在信任管理问题漏洞，该漏洞源于IDRM管理账户使用了默认密码。攻击者可利用该漏洞登录到系统，获取root权限并执行任意代码。以下产品及版本受到影响：IBM Data Risk Manager 2.0.1版本，2.0.2版本，2.0.3版本，2.0.4版本，2.0.5版本，2.0.6版本。

Description

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID- 180534.

File Snapshot


 id: CVE-2020-4429

info:
  name: IBM Data Risk Manager - Hardcoded Credentials
  author: Kazgangap
 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!