Security researcher discloses four IBM zero-days after company refused to patch

A security researcher today published details about four zero-day vulnerabilities impacting an IBM security product after the company refused to patch the bugs following a private bug disclosure attempt.

The bugs impact the IBM Data Risk Manager (IDRM), an enterprise security tool that aggregates feeds from vulnerability scanning tools and other risk management tools to let admins investigate security issues.

“IDRM is an enterprise security product that handles very sensitive information,” said Pedro Ribeiro, Director of Research at Agile Information Security, who discovered the four bugs.

Source: ZDNet