CVE-2020-4620: Malicious File Upload

Q: What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2020-4620.

Q: What is the severity of CVE-2020-4620?

The severity of CVE-2020-4620 is critical with a CVSS score of 8.8.

Q: How does CVE-2020-4620 affect IBM Data Risk Manager?

CVE-2020-4620 allows a remote authenticated attacker to upload arbitrary files in IBM Data Risk Manager 2.0.6.

Q: How can an attacker exploit CVE-2020-4620?

An attacker can exploit CVE-2020-4620 by sending a specially-crafted HTTP request to upload a malicious file.

Q: Is there a patch available for CVE-2020-4620?

Yes, there is a patch available for CVE-2020-4620. You can find it on the IBM Support website.

Published Sep 22, 2020

Updated

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979.

Affected Software

2 affected componentsFixes available

IBM Data Risk Manager<2.0.6.4

IBM Data Risk Manager<=2.0.6

Remediation

Patch Available

https://www.ibm.com/support/pages/node/6335281

Event History

Sep 22, 2020

CVE Published

via MITRE·01:55 PM

Data Sourced

via MITRE·01:55 PM

DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-6335281

Frequently Asked Questions

What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2020-4620.

What is the severity of CVE-2020-4620?

The severity of CVE-2020-4620 is critical with a CVSS score of 8.8.

How does CVE-2020-4620 affect IBM Data Risk Manager?