CVE-2020-4429

CRITICAL EXPLOITED NUCLEI

IBM Data Risk Manager - Hard-coded Credentials

Title source: rule

Description

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.

Exploits (4)

github WORKING POC 4 stars

by halilkirazkaya · poc

https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2020/CVE-2020-4429.md

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ibm_drm_rce.rb

View Code ZIP pw:eip

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/ibm_drm_download.rb

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/ibm_drm_a3user.rb

View Code ZIP pw:eip

Nuclei Templates (1)

IBM Data Risk Manager - Hardcoded Credentials

CRITICALby Kazgangap

References (4)

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/180534

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6206875

[Mailing List] http://seclists.org/fulldisclosure/2024/Nov/0

[Mailing List] http://seclists.org/fulldisclosure/2024/Nov/1

Scores

CVSS v3 9.8

EPSS 0.9070

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-08-12

CWE

CWE-798

Status published

Products (6)

ibm/data_risk_manager 2.0.1

ibm/data_risk_manager 2.0.2

ibm/data_risk_manager 2.0.3

ibm/data_risk_manager 2.0.4

ibm/data_risk_manager 2.0.5

ibm/data_risk_manager 2.0.6

Published May 07, 2020

Tracked Since Feb 18, 2026