NVD disclosure day
CVE-2020-4430
Halo Surface Signal: 3 out of 5 — possibly public-facing.
IBM Data Risk Manager allows authenticated attackers to download arbitrary files by exploiting a directory traversal vulnerability. This could lead to the exposure of sensitive data, posing a business risk to affected organizations. The exploit requires network access and authenticated user credentials.
CVE-2020-4428
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
IBM Data Risk Manager versions 2.0.1 through 2.0.4 can allow an authenticated attacker to run unauthorized commands. This could lead to unauthorized system control and impact business operations. Organizations should address this vulnerability.
CVE-2020-4427
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A security bypass vulnerability exists in IBM Data Risk Manager with SAML authentication. Attackers can exploit this to gain full administrative access, impacting data integrity and operations.