{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-13T03:14:48.296","vulnerabilities":[{"cve":{"id":"CVE-2020-4620","sourceIdentifier":"psirt@us.ibm.com","published":"2020-09-22T14:15:13.097","lastModified":"2024-11-21T05:32:59.943","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979."},{"lang":"es","value":"IBM Data Risk Manager (iDNA) versión 2.0.6, podría permitir a un atacante autenticado remoto cargar archivos arbitrarios, debido a una comprobación inapropiada de las extensiones de archivo. Mediante el envío de una petición HTTP especialmente diseñada, un atacante remoto podría explotar esta vulnerabilidad para cargar un archivo malicioso, lo que podría permitirle ejecutar código arbitrario en el sistema vulnerable. IBM X-Force ID: 184979"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:data_risk_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.6.4","matchCriteriaId":"835B4BE9-C7F1-4BD4-81EC-DD07E29B88A2"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/184979","source":"psirt@us.ibm.com","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/6335281","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/184979","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://www.ibm.com/support/pages/node/6335281","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}