IT giant admits it made 'a process error, improper response' to flaw finder
IBM has acknowledged that it mishandled a bug report that identified four vulnerabilities in its enterprise security software, and plans to issue an advisory.
IBM Data Risk Manager offers security-focused vulnerability scanning and analytics, to help businesses identify weaknesses in their infrastructure. At least some versions of the Linux-powered suite included four exploitable holes, identified and, at first, privately disclosed by security researcher Pedro Ribeiro at no charge. Three are considered to be critical, and one is high risk.
The software flaws can be chained together to achieve unauthenticated remote code execution as root on a vulnerable installation, as described in insecure business machines remote exploit manager drops after snubs report
