CVE-2020-5014
MEDIUMIBM DataPower Gateway 10.0.0.0-10.0.1.0 - Authenticated Remote Code Execution via Server-Side Request Forgery
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2020-5014. PoCs published by copethomas.
AI-analyzed exploit summary This repository contains a functional exploit for CVE-2020-5014, which leverages an authenticated SSRF attack against IBM DataPower's internal Redis server to achieve remote code execution as the 'drouter' user. The exploit includes a custom Redis module and a Go-based toolchain to automate the attack.
Description
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.
Exploits (1)
This repository contains a functional exploit for CVE-2020-5014, which leverages an authenticated SSRF attack against IBM DataPower's internal Redis server to achieve remote code execution as the 'drouter' user. The exploit includes a custom Redis module and a Go-based toolchain to automate the attack.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H