CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
62.1%
IBM Planning Analytics Cartridge for IBM Cloud Pak for Data is vulnerable to security vulnerabilities . These have been addressed.
CVEID:CVE-2022-0185
**DESCRIPTION:**Linux Kernel is vulnerable to a heap-based buffer overflow, caused by an integer underflow in the legacy_parse_param function in fs/fs_context.c. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217455 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-27877
**DESCRIPTION:**IBM Planning Analytics on Cloud Pak for Data could allow an attacker to obtain sensitive information, due to insecure network policy configuration.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249981 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2023-26023
**DESCRIPTION:**IBM Planning Analytics on Cloud Pak for Data exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247896 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2023-26026
**DESCRIPTION:**IBM Planning Analytics connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247905 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Planning Analytics Cartridge for IBM Cloud Pak for Data | 4.0 |
Affected Product(s) | Version(s) | Fix |
---|---|---|
IBM Planning Analytics Cartridge for IBM Cloud Pak for Data | 4.0 | Installing IBM Planning Analytics Cartridge for IBM Cloud Pak for Data |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cognos_analytics_cartridge_for_ibm_cloud_pak_for_data | 4.0 | cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.0:*:*:*:*:*:*:* |
ibm | planning_analytics_local | 2.0 | cpe:2.3:a:ibm:planning_analytics_local:2.0:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
62.1%