CyberNews Briefs

RCE Exploit Released for IBM Data Risk Manager, No Patch Available

IBM has not yet patched four serious security vulnerabilities in IBM Data Risk Manager (IDRM). The vulnerabilities can lead to unauthenticated remote code execution (RCE), according to an analysis from Agile Information Security. A proof-of-concept exploit is also available for version 2.0.3. IDRM is a software platform that aggregates threat data from security systems, allowing it to conduct enterprise security risk analysis.

Agile Information Security reports that versions 2.0.1 and 2.0.3 of the IDRM Linux virtual appliance have vulnerabilities involving authentication bypass, command injection, an insecure default password, and arbitrary file download. According to the researchers, the first three vulnerabilities listed can be combined to achieve RCE. Agile Information Security wrote in an analysis on Tuesday that the vulnerabilities pose a serious threat to IBM, as IDRM handles very sensitive information.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.