CVE-2020-4427
Published: 07 May 2020
Summary
CVE-2020-4427 is a critical-severity Improper Authentication (CWE-287) vulnerability in IBM Data Risk Manager. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
IBM Data Risk Manager versions 2.0.1 through 2.0.6 contain an authentication bypass vulnerability when the product is configured to use SAML authentication. The flaw, tracked as CVE-2020-4427 with CVSS 9.8 and CWE-287, permits a remote attacker to circumvent security controls by submitting a specially crafted HTTP request, resulting in complete administrative access to the system.
An unauthenticated attacker with network access can exploit the issue to bypass the SAML-based login process entirely and obtain full control over the affected IBM Data Risk Manager instance. No user interaction or prior credentials are required for successful exploitation.
Advisories and additional details are available from IBM at the referenced support page and X-Force exchange entries.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-25674
Vulnerability details
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.
- CWE(s): CWE-287
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Directly enforces authentication and authorization decisions so that a crafted SAML request cannot bypass login and obtain admin access.
- IA-2 (Identification and Authentication (Organizational Users)): Requires verified identification and authentication of users before granting access, directly blocking the SAML bypass that leads to unauthenticated admin sessions.
- Input validation: Validates HTTP request content and parameters, mitigating the specially crafted request that exploits the SAML authentication flaw.