module
IBM Data Risk Manager Arbitrary File Download
| Disclosed |
|---|
| Apr 21, 2020 |
Description
IBM Data Risk Manager (IDRM) contains two vulnerabilities that can be chained by
an unauthenticated attacker to download arbitrary files off the system.
The first is an authentication bypass, followed by a path traversal.
This module exploits both vulnerabilities, giving an attacker the ability to download (non-root) files.
A downloaded file is zipped, and this module also unzips it before storing it in the database.
By default this module downloads Tomcat's application.properties file, which contains the
database password, amongst other sensitive data.
At the time of disclosure, this was a 0-day, but IBM later patched it and released their advisory.
Versions 2.0.2 to 2.0.4 are vulnerable, version 2.0.1 is not.