admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-14 06:33:24 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
22f1d94449fcb8bdd55f54594deac3539108b51e
nuclei-templates/javascript/cves/2020/CVE-2020-4429.yaml
ghost afd17401d2 chore: update EPSS scores 🤖
2025-10-25 02:29:19 +00:00

56 lines
2.1 KiB
YAML
Raw Blame History

id: CVE-2020-4429
info:
name: IBM Data Risk Manager - Hardcoded Credentials
author: Kazgangap
severity: critical
description: |
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID- 180534.
impact: |
Remote attackers can gain root access and execute arbitrary code, potentially leading to complete system compromise.
remediation: |
Change default passwords and update to the latest version if available.
reference:
- https://exchange.xforce.ibmcloud.com/vulnerabilities/180534
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/ibm_drm_a3user.rb
- https://www.ibm.com/support/pages/security-bulletin-vulnerabilities-exist-ibm-data-risk-manager-cve-2020-4427-cve-2020-4428-cve-2020-4429-and-cve-2020-4430
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-4429
cwe-id: CWE-798
epss-score: 0.80629
epss-percentile: 0.99088
cpe: cpe:2.3:a:ibm:data_risk_manager:2.0.1:*:*:*:*:*:*:*
metadata:
verified: false
max-request: 1
vendor: ibm
product: data_risk_manager
tags: cve,cve2020,ibm,default-login,vkev
javascript:
- pre-condition: |
var m = require("nuclei/ssh");
var c = m.SSHClient();
var response = c.ConnectSSHInfoMode(Host, Port);
response["UserAuth"].includes("password")
code: |
var m = require("nuclei/ssh");
var c = m.SSHClient();
c.Connect(Host,Port,Username,Password);
args:
Host: "{{Host}}"
Port: "22"
Username: "a3user"
Password: "idrm"
matchers:
- type: dsl
dsl:
- "response == true"
- "success == true"
condition: and
# digest: 490a0046304402200d62f301de1c5e99a55c08c0699637a72f6c387b78bd1187f7d0a8d322e62229022075a3b4e07e0affb4775653fba4c6a003e4968c0784d51ed799204e602e00c1fd:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink