Lucene search

[email protected]NVD:CVE-2023-42017

HistoryDec 22, 2023 - 4:15 p.m.

CVE-2023-42017

2023-12-2216:15:07

CWE-434

[email protected]

web.nvd.nist.gov

ibm

planning analytics

remote code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.8%

JSON

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567.

Affected configurations

Nvd

Node

ibmplanning_analyticsMatch2.0

VendorProductVersionCPE
ibmplanning_analytics2.0cpe:2.3:a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	planning_analytics	2.0	cpe:2.3:a:ibm:planning_analytics:2.0:::::::*

References

exchange.xforce.ibmcloud.com/vulnerabilities/265567

www.ibm.com/support/pages/node/7096528

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.8%

JSON

Related for NVD:CVE-2023-42017

cvelist1 cnvd1 prion1 cve1 ibm1