Cyber Resilience

CVE-2020-4428

Critical · CISA KEV · Active Exploitation · EUVD Exploited · RCE

Published: 07 May 2020
Modified: 04 November 2025
KEV Added: 03 November 2021
CVSS Score v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.9229 (99.7th percentile)
Risk Priority: 94 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2020-4428 is a critical-severity OS Command Injection (CWE-78) vulnerability in IBM Data Risk Manager. Its CVSS base score is 9.1 (Critical).

Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

IBM Data Risk Manager versions 2.0.1, 2.0.2, 2.0.3, and 2.0.4 contain a command injection vulnerability tracked as CVE-2020-4428 and classified as CWE-78. The flaw permits execution of arbitrary commands on the underlying system and carries a CVSS 3.1 base score of 9.1, reflecting a network attack vector, low attack complexity, and high impact to confidentiality, integrity, and availability with changed scope.

A remote attacker who has already authenticated with high privileges can exploit the issue to run arbitrary operating-system commands, resulting in full control over the affected IBM Data Risk Manager instance and any data or resources it manages. No information on patches, workarounds, or real-world exploitation activity is supplied in the available references.

Vulnerability details

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: ibm
Product: data risk manager
Versions: 2.0.1 through 2.0.4

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly blocks the command-injection payload (CWE-78) by validating all user-supplied input before it reaches the OS command interpreter.

AC-6 Least Privilege (prevent): Limits the high privileges required by the attacker, reducing the ability to execute arbitrary OS commands even after authentication.

CM-7 Least Functionality (prevent): Restricts the system to only essential functions and disables unnecessary command interpreters or utilities that the injection would otherwise abuse.
