Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

[correlate]

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
Content source
https://thehackernews.com/2020/04/ibm-data-risk-manager-vulnerabilities.html
A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure.

The affected premium product in question is IBM Data Risk Manager (IDRM) that has been designed to analyze sensitive business information assets of an organization and determine associated risks.
Click to expand...
thehackernews.com

Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

Zero-day software vulnerabilities disclosed in IBM Data Risk Manager (IDRM) solution for Enterprise security.
thehackernews.com thehackernews.com
 
  • Like
Reactions: Andy Ful, Fel Grossi, CyberTech and 5 others
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
IBM however did say that it had fumbled the report. "A process error resulted in an improper response to the researcher who reported this situation to IBM," a company spokesperson told The Register. "We have been working on mitigation steps and they will be discussed in a security advisory to be issued."

Ribeiro dismissed IBM's response in an email to The Register. "Well, what can I say," he said. "It's a joke right? I think it's pretty sad that I have to disclose a zero-day and shame them publicly to get them to patch critical vulnerabilities in a security product, while they sell themselves as an elite company providing security services." "Like I said in my advisory, I was just looking to disclose it to them without asking anything in return except a mention when the vulnerability was fixed.
Click to expand...

IBM == Insecure Business Machines: No-auth remote root exec exploit in Data Risk Manager drops after Big Blue snubs bug report

IT giant admits it made 'a process error, improper response' to flaw finder
www.theregister.co.uk www.theregister.co.uk
Hmm, I wonder if it was the pretty big news cover that made someone at IBM wake up.
 
  • Like
  • +Reputation
Reactions: [correlate], stefanos, harlan4096 and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Second Google Chrome zero-day exploit dropped on twitter this week
Replies
4
Views
1,409
News Archive
wat0114
wat0114
oldschool
    • Like
    • +Reputation
    • Applause
Security Firms Aiding Ukraine During War Could Be Considered Participants in Conflict
Replies
3
Views
910
News Archive
Bumblebee Uncle
Bumblebee Uncle
enaph
    • Like
    • +Reputation
    • Wow
Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild
Replies
4
Views
2,197
News Archive
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top