PT-2020-18167 · IBM · IBM Data Risk Manager

Published: 2020-09-22 · Updated: 2020-09-22 · CVE-2020-4620

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: IBM Data Risk Manager (iDNA) version 2.0.6

Description: The issue is caused by the improper validation of file extensions, allowing a remote authenticated attacker to upload arbitrary files. By sending a specially-crafted HTTP request, a remote attacker could exploit this to upload a malicious file, potentially executing arbitrary code on the vulnerable system.

Recommendations: For IBM Data Risk Manager (iDNA) version 2.0.6, consider restricting file uploads or validating file extensions to prevent malicious file uploads until a patch is available. As a temporary workaround, restrict access to the file upload functionality to minimize the risk of exploitation.

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers: CVE-2020-4620

Affected Products: IBM Data Risk Manager