Shutterstock Ibm Pc

IBM has admitted to making 'a process error, improper response' to a bug report that identified four vulnerabilities in its enterprise security software, and the tech giant plans to issue an advisory.

IBM Data Risk Manager offers security-focused vulnerability scanning and analytics, to help businesses identify weaknesses in their infrastructure. At least some versions of the Linux-powered suite included four exploitable holes, identified and, at first, privately disclosed by security researcher Pedro Ribeiro at no charge. Three are considered to be critical, and one is high risk.

The software flaws can be chained together to achieve unauthenticated remote code execution as root on a vulnerable installation, as described in an advisory Ribeiro published today on GitHub.