cvelist | Ibm | CVELIST:CVE-2022-22308
History: Feb 21, 2022 - 6:10 p.m.

CVE-2022-22308

2022-02-21 18:10:10
ibm
www.cve.org
5
ibm
planning analytics
remote file include

CVSS3: 7.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C

AI Score: 7.6
Confidence: High

EPSS: 0.001
Percentile: 24.2%

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891.

CNA Affected

[
  {
    "product": "Planning Analytics",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  },
  {
    "product": "Planning Analytics Workspace",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  }
]
