IBM Data Risk Manager zero-day vulnerability

April 30, 2020

If you are using IBM Enterprise Security, then you are in for a surprise. Unfortunately, not a good one. Here is why.

Pedro Ribeiro, a cybercrime solutions researcher at the company Agile Information Security, disclosed in his report that IBM’s enterprise security software was graded ZERO. The finding came after his test results showed that the business had failed to address protection of its brand against possible cybercrime actors.


Tests and Investigation

Ribeiro tested different versions of IBM's security software, from version 2.0.1 to 2.0.6. He identified the flaws in every version from the earliest up to the latest one. Later on, he confirmed that the company had failed to secure the product or to release any patches to remedy the issue.

In his report, he confirmed that the affected software is part of the premium product offered to high-paying businesses. The vulnerability is in IBM Data Risk Manager (IDRM), which handles the asset and data information of the firm. The report shows that the defect includes default admin access that, if left unchanged, lets hackers gain access to the whole infrastructure of the affected system. Once inside, whoever has bypassed authentication can execute command and control code remotely and, more importantly, download and transfer sensitive data files. Leaving the system unprotected will therefore compromise the whole business.

The rating of ZERO does not refer only to the failure to address the hole in the security software; it means more than that. In the cyber world, non-action on a newly found software vulnerability or flaw is given the term ZERO-day. Once the flaw is exposed to hackers, a ZERO-day attack is inevitable. Companies that run this software will be at risk of hardware or system damage, including exploitation of sensitive data. Since no resolution is at hand, and the patches may take time to develop, hackers would already be swimming in the vast amount of compromised information. Companies will be left with nothing to save in the aftermath.


Tips beyond what automation can offer

With this kind of threat, system administrators of companies, and even single users, must always be vigilant about this attack. The public is advised to keep their software up to date and to install the latest patches from the manufacturer and legitimate sources. Personalized configuration of the security settings for the operating system and internet browser is also a must. Lastly, proactively install security software to further lessen the possibility of infection, and maintain effective security practices.

IBM is currently aware of the incident, but its earlier response denied the flaw claimed by the researcher. That response said that the report was out of scope and that the product had been released only to a few customers who opted in to the enhanced feature. However, the latest information from the company tells the public that a mitigation procedure is now under way and that a security advisory will be released soon.
