CVE-2020-4429

CRITICAL EXPLOITED NUCLEI

IBM Data Risk Manager 2.0.1-2.0.6 - Use of Hard-coded Credentials

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-4429 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including halilkirazkaya, including a Metasploit module exploits/linux/http/ibm_drm_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository provides a functional proof-of-concept for CVE-2020-4429, which involves a default password vulnerability in IBM Data Risk Manager. The PoC includes credentials for an administrative account that can be used to gain root privileges via SSH.

Description

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.

Exploits (4)

github WORKING POC 4 stars
by halilkirazkaya · poc
https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2020/CVE-2020-4429.md

This repository provides a functional proof-of-concept for CVE-2020-4429, which involves a default password vulnerability in IBM Data Risk Manager. The PoC includes credentials for an administrative account that can be used to gain root privileges via SSH.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: IBM Data Risk Manager 2.0.1-2.0.6
No auth needed
Prerequisites: network access to the target system · SSH service exposed
devstral-2 · analyzed Feb 27, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ibm_drm_rce.rb

This Metasploit module exploits a chain of vulnerabilities in IBM Data Risk Manager (CVE-2020-4427, CVE-2020-4428, CVE-2020-4429) to achieve unauthenticated remote code execution as root. It bypasses authentication, injects commands, and abuses an insecure default password.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: IBM Data Risk Manager <= 2.0.4
No auth needed
Prerequisites: Network access to the target · SSL/TLS enabled on port 8443
devstral-2 · analyzed Apr 22, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/ibm_drm_download.rb

This Metasploit module exploits CVE-2020-4429, an arbitrary file download vulnerability in IBM Data Risk Manager (IDRM) versions 2.0.2 to 2.0.4. It chains an authentication bypass (CVE-2020-4427) with a path traversal to download sensitive files, such as Tomcat's application.properties, which contains database credentials.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: IBM Data Risk Manager (IDRM) 2.0.2 to 2.0.4
No auth needed
Prerequisites: Network access to the target IBM DRM instance on port 8443
devstral-2 · analyzed Apr 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/ibm_drm_a3user.rb

This Metasploit module exploits a known default password vulnerability in IBM Data Risk Manager, allowing SSH login as 'a3user' with password 'idrm' and escalating to root via sudo. It is a reliable exploit for versions <= 2.0.6.1.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: IBM Data Risk Manager <= 2.0.6.1
Auth required
Prerequisites: SSH access to the target appliance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

IBM Data Risk Manager - Hardcoded Credentials
CRITICALby Kazgangap

References (4)

Core 4

Scores

CVSS v3 9.8
EPSS 0.9070
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-08-12
CWE
CWE-798
Status published
Products (6)
ibm/data_risk_manager 2.0.1
ibm/data_risk_manager 2.0.2
ibm/data_risk_manager 2.0.3
ibm/data_risk_manager 2.0.4
ibm/data_risk_manager 2.0.5
ibm/data_risk_manager 2.0.6
Published May 07, 2020
Tracked Since Feb 18, 2026