Attacker Value

High

(1 user assessed)

Exploitability

Moderate

(1 user assessed)

User Interaction

None

Privileges Required

High

Attack Vector

Network

CVE-2020-4428

Disclosure Date: April 21, 2020 •

CVE-2020-4428 CVSS v3 Base Score: 9.1

Exploited in the Wild

Reported by gwillcox-r7
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

IBM Data Risk Manager Unauthenticated Remote Code Execution

Description

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.

Add Assessment

wvu-r7 (437)

May 08, 2020 4:04pm UTC (3 years ago)•

Ratings

Attacker Value

High

Exploitability

Medium

Common in enterprise Easy to weaponize Gives privileged access Unauthenticated Vulnerable in default configuration

Technical Analysis

Assessment for the related CVEs here: https://attackerkb.com/assessments/ff54c69c-ecb9-4330-8286-b5d9654db5af.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.1 Critical

Impact Score:

Exploitability Score:

2.3

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

High

User Interaction (UI):

None

Scope (S):

Changed

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

Products

data risk manager 2.0.1,
data risk manager 2.0.2,
data risk manager 2.0.3,
data risk manager 2.0.4,
data risk manager 2.0.5,
data risk manager 2.0.6

Metasploit Modules

IBM Data Risk Manager Unauthenticated Remote Code Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ibm_drm_rce.rb)

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: June 14, 2022 9:34pm UTC (1 year ago)

References

Canonical

CVE-2020-4428 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4428)

Advisory

https://www.ibm.com/support/pages/node/6206875

XF-ibm-drm-cve20204428-command-exec (180533) (https://exchange.xforce.ibmcloud.com/vulnerabilities/180533)

Rapid7

High

CVE-2020-4428

High

Moderate

None

High

Network

CVE-2020-4428

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Additional Info

Technical Analysis

High

CVE-2020-4428

High

Moderate

None

High

Network

CVE-2020-4428

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Metasploit Modules

Exploited in the Wild

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification