Cyber Resilience

CVE-2020-4427

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 07 May 2020
Modified: 04 November 2025
KEV Added: 03 November 2021
Patch
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9274 (99.8th percentile)
Risk Priority: 95 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-4427 is a critical-severity Improper Authentication (CWE-287) vulnerability in IBM Data Risk Manager. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

IBM Data Risk Manager versions 2.0.1 through 2.0.6 contain an authentication bypass vulnerability when the product is configured to use SAML authentication. The flaw, tracked as CVE-2020-4427 with CVSS 9.8 and CWE-287, permits a remote attacker to circumvent security controls by submitting a specially crafted HTTP request, resulting in complete administrative access to the system.

An unauthenticated attacker with network access can exploit the issue to bypass the SAML-based login process entirely and obtain full control over the affected IBM Data Risk Manager instance. No user interaction or prior credentials are required for successful exploitation.

Advisories and additional details are available from IBM at the referenced support page and X-Force Exchange entries.

EU & UK References

Vulnerability details

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.

CWE(s): CWE-287 (Improper Authentication)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

IBM Data Risk Manager, versions 2.0.1 to 2.0.6.1

Mitigating Controls (NIST 800-53 r5)

AC-3 (Access Enforcement), prevent: Directly enforces authentication and authorization decisions so that a crafted SAML request cannot bypass login and obtain admin access.

IA-2 (Identification and Authentication (Organizational Users)), prevent: Requires verified identification and authentication of users before granting access, directly blocking the SAML bypass that leads to unauthenticated admin sessions.

Prevent: Validates HTTP request content and parameters, mitigating the specially crafted request that exploits the SAML authentication flaw.

References