Four serious security vulnerabilities have been identified in IBM Data Risk Manager (IDRM) that, according to analysis, can lead to unauthenticated remote code execution (RCE) as root in vulnerable versions. IBM is still investigating the bugs, but a proof-of-concept exploit is available. IBM’s IDRM is a software platform that aggregates threat data from disparate security systems to perform enterprise security risk analysis. One of the bugs may end up being a zero-day issue that Big Blue is investigating.
Source: https://threatpost.com/rce-exploit-ibm-data-risk-manager-no-patch/154986/

