CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Percentile: 89.3%
IBM Planning Analytics Workspace is vulnerable to a Remote Code Execution (RCE) in SnakeYaml. SnakeYaml has been upgraded in IBM Planning Analytics Workspace.
CVEID: CVE-2022-1471
**DESCRIPTION:** SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class. By using specially crafted YAML content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241118 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
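
The loading pattern described above next to a restricted loader, as an added example that is not IBM's code and not part of the bulletin. `Probe`, `SnakeYamlLoadDemo` and the sample document are constructed for illustration; the example assumes SnakeYAML is on the classpath, and the default-loader branch shows what a release affected by CVE-2022-1471 does.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

// Hypothetical stand-in for any class that happens to be on the application's classpath.
class Probe {
    static int instances = 0;
    public Probe() { instances++; }   // runs whenever the parser instantiates this type
}

public class SnakeYamlLoadDemo {
    // Constructed sample input: a global tag asks the parser for a Java type by name.
    static final String UNTRUSTED = "!!Probe {}\n";

    // Returns how many Probe objects the given loader created while parsing UNTRUSTED.
    static int instancesCreatedBy(Yaml yaml) {
        int before = Probe.instances;
        try {
            yaml.load(UNTRUSTED);
        } catch (YAMLException e) {
            System.out.println("  rejected: " + e.getClass().getSimpleName());
        }
        return Probe.instances - before;
    }

    public static void main(String[] args) {
        // Default loader: on affected releases the document chooses the type to build.
        System.out.println("default Constructor:");
        System.out.println("  Probe instances: " + instancesCreatedBy(new Yaml()));

        // Restricted loader: only standard YAML types (maps, lists, scalars) are built.
        System.out.println("SafeConstructor:");
        Yaml safe = new Yaml(new SafeConstructor(new LoaderOptions()));
        System.out.println("  Probe instances: " + instancesCreatedBy(safe));
    }
}
```

A non-zero count from the default loader means the document, not the application, selected the class that was instantiated; the `SafeConstructor` loader rejects the tag before any constructor runs.
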
Affected Product(s) | Version(s) |
---|---|
IBM Planning Analytics Workspace | 2.0 |
It is strongly recommended that you apply the most recent security update:
Product(s) | Version(s) | Remediation/Fix/Instructions |
---|---|---|
IBM Planning Analytics Workspace | 2.0 | Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 87 from Fix Central |
This Security Bulletin is applicable to IBM Planning Analytics 2.0 on-premises offerings. The vulnerabilities listed above have been addressed on IBM Planning Analytics with Watson and no further action is required.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | planning_analytics_local | any | cpe:2.3:a:ibm:planning_analytics_local:any:*:*:*:*:*:*:* |