This Security Bulletin addresses a security vulnerability that has been remediated in IBM Planning Analytics 2.0.9.
CVEID:CVE-2019-4716
**DESCRIPTION:**IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as “admin”, and then execute code as root or SYSTEM via TM1 scripting.
CVSS Base score: 10
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172094 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
IBM Planning Analytics 2.0.0 - 2.0.8
The recommended solution is to apply the fix as soon as possible:
Downloading IBM Planning Analytics 2.0.9
None