CVE-2020-4427

Name of the Vulnerable Software and Affected Versions IBM Data Risk Manager versions 2.0.1 through 2.0.6

Description The issue is related to the implementation of SAML (Security Assertion Markup Language) technology in IBM Data Risk Manager, which is associated with deficiencies in the authentication mechanism. By sending a specially crafted HTTP request, a remote attacker could exploit this to bypass security restrictions and gain full administrative access to the system when configured with SAML authentication.

Recommendations For IBM Data Risk Manager versions 2.0.1 through 2.0.6, consider disabling SAML authentication as a temporary workaround until a patch is available. Restrict access to the system to minimize the risk of exploitation. Avoid using the vulnerable authentication mechanism in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.