CVE-2020-4430
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 30, 2019
- Published Date
- May 07, 2020
- Last Updated
- February 07, 2025
- Vendor
- IBM
- Product
- Data Risk Manager
- Description
- IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.
CVSS Scores
CVSS v3.0
4.3 - MEDIUM
Vector: CVSS:3.0/S:U/AV:N/A:N/AC:L/C:L/PR:L/UI:N/I:N/E:U/RC:C/RL:O
SSVC Information
- Exploitation
- active
- Technical Impact
- partial
Exploit Status
- Exploited in the Wild
- Yes (added 2021-11-03 00:00:00 UTC) Source
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |