{"id":14190,"date":"2020-04-23T00:01:00","date_gmt":"2020-04-22T22:01:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14190"},"modified":"2020-04-22T23:31:57","modified_gmt":"2020-04-22T21:31:57","slug":"vier-0-day-schwachstellen-in-ibm-data-risk-manager","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/04\/23\/vier-0-day-schwachstellen-in-ibm-data-risk-manager\/","title":{"rendered":"Four 0-day Exploits in IBM Data Risk Manager"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/04\/22\/vier-0-day-schwachstellen-in-ibm-data-risk-manager\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>] Security researchers have just disclosed four unpatched vulnerabilities in IBM Data Risk Manager. The vulnerabilities were reported to IBM, but IBM rejected the report for formal reasons. Three of the vulnerabilities are rated critical. <\/p>\n<p><!--more--><\/p>\n<p>IBM Data Risk Manager is actually designed to protect corporate networks and to give administrators a consolidated view of the data from the various security solutions running on the network. But the way the 0-day vulnerabilities have now been made public leaves a peculiar aftertaste. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">I am disclosing four 0day for IBM Data Risk Manager, an ENTERPRISE SECURITY APPLIANCE. <a href=\"https:\/\/twitter.com\/IBMSecurity?ref_src=twsrc%5Etfw\">@IBMSecurity<\/a> refused to accept <a href=\"https:\/\/twitter.com\/certcc?ref_src=twsrc%5Etfw\">@certcc<\/a>'s disclosure and told them to fleck off! 
<br \/>Advisory and exploits here, have fun: <a href=\"https:\/\/t.co\/60a7XRZt4C\">https:\/\/t.co\/60a7XRZt4C<\/a><\/p>\n<p>\u2014 Pedro Ribeiro (@pedrib1337) <a href=\"https:\/\/twitter.com\/pedrib1337\/status\/1252522196037038081?ref_src=twsrc%5Etfw\">April 21, 2020<\/a><\/p><\/blockquote>\n<p>Pedro Ribeiro made this public yesterday in the above tweet. He states there that he published the vulnerabilities in IBM Data Risk Manager because IBM Security had rebuffed his reports about them. The reasoning:<\/p>\n<blockquote>\n<p><em><strong>we have assessed this report and closed as being out of scope for our vulnerability disclosure program since this product is only for \"enhanced\" support paid for by our customers<\/strong>. This is outlined in our policy <a href=\"https:\/\/hackerone.com\/ibm\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/hackerone.com\/ibm<\/a>. To be eligible to participate in this program, you must not be under contract to perform security testing for IBM Corporation, or an IBM subsidiary, or IBM client within 6 months prior to submitting a report.<\/em><\/p>\n<\/blockquote>\n<p>IBM closed the reported case because the product is only available to paying customers. An analysis of the IBM Data Risk Manager Linux virtual appliance revealed that it contained four vulnerabilities, three of which were classified as critical and one as high risk. The four vulnerabilities:<\/p>\n<ul>\n<li>Authentication bypass<\/li>\n<li>Command injection<\/li>\n<li>Insecure default password<\/li>\n<li>Arbitrary file download<\/li>\n<\/ul>\n<p>On <a href=\"https:\/\/github.com\/pedrib\/PoC\/blob\/master\/advisories\/IBM\/ibm_drm\/ibm_drm_rce.md\" target=\"_blank\" rel=\"noopener noreferrer\">GitHub<\/a>, the security researchers describe the four vulnerabilities and the steps required to chain the first three. 
This allows unauthenticated remote code execution as root. The researchers have also released two Metasploit modules that bypass authentication, achieve remote code execution and exploit the arbitrary file download. Pretty much the full program. For IBM, the decision may now have backfired. <a href=\"https:\/\/thehackernews.com\/2020\/04\/ibm-data-risk-manager-vulnerabilities.html\" target=\"_blank\" rel=\"noopener noreferrer\">The Hacker News<\/a>, <a href=\"https:\/\/www.zdnet.com\/article\/security-researcher-discloses-four-ibm-zero-days-after-company-refused-to-patch\/\" target=\"_blank\" rel=\"noopener noreferrer\">ZDNet<\/a> and <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/researcher-discloses-four-ibm-zero-days-after-refusal-to-fix\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bleeping Computer<\/a> also have articles on the subject. Does anyone among you use IBM Data Risk Manager up to version 2.0.6?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German] Security researchers have just disclosed four unpatched vulnerabilities in IBM Data Risk Manager. The vulnerabilities were reported to IBM, but IBM rejected the report for formal reasons. 
Three vulnerabilities are considered critical.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,1544],"class_list":["post-14190","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=14190"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14190\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=14190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=14190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=14190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}