IBM

Four zero-day vulnerabilities impacted an IBM security product after the company refused to patch bugs following a private bug disclosure attempt.

The bugs impacted the IBM Data Risk Manager (IDRM).

It is an enterprise security tool that aggregates feeds from vulnerability scanning tools and other risk management tools to let admins investigate security issues.

The compromise of product led to a full-scale company compromise, as the tool had credentials to access other security tools.

It contained information about critical vulnerabilities that affect the company.

Source: https://www.zdnet.com/article/security-researcher-discloses-four-ibm-zero-days-after-company-refused-to-patch/

"id": "IBM162291222",
"linkid": "ibm",
"type": "Vulnerability",
"date": "04/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"