IBM Data Risk Manager contains three critical severity vulnerabilities and a high impact bug, all listed below. IBM refused to acknowledge the responsibly submitted disclosure. IBM says a process error resulted in an improper response to the researcher who reported this situation to IBM. The vulnerability resides in the way IBM’s enterprise security software lets users perform network scans using Nmap scripts, which apparently can be equipped with malicious commands when supplied by attackers. IBM has been working on mitigation steps and they will be discussed in a security advisory to be issued.
Source: https://thehackernews.com/2020/04/ibm-data-risk-manager-vulnerabilities.html