Lucene search

IbmCVELIST:CVE-2020-4882

HistoryMar 22, 2021 - 5:00 p.m.

CVE-2020-4882

2021-03-2217:00:15

ibm

www.cve.org

ibm

planning analytics 2.0

ssrf

vulnerability

arbitrary requests

internal network

local file system

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

29.7%

JSON

IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.

CNA Affected

[
  {
    "product": "Planning Analytics",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/190852

www.ibm.com/support/pages/node/6430643

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

29.7%

JSON

Related for CVELIST:CVE-2020-4882