Lucene search
China National Vulnerability DatabaseCNVD-2024-01168HistoryDec 29, 2023 - 12:00 a.m.
IBM Planning Analytics Code Issue Vulnerability (CNVD-2024-01168)
2023-12-2900:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
ibm
planning analytics
vulnerability
file extension
validation
remote attacker
malicious script
http request
arbitrary code
execution
IBM Planning Analytics is a suite of business planning analytics solutions from International Business Machines (IBM). The solution supports automated execution of processes such as business planning, budgeting and analysis. A code issue vulnerability exists in IBM Planning Analytics version 2.0, which stems from improper file extension validation, and can be exploited by a remote attacker to upload a malicious script by sending a specially crafted HTTP request, which could lead to the execution of arbitrary code on a vulnerable system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm planning analytics | eq | 2.0 |
Related
cvelist
cvelist
CVE-2023-42017 IBM Planning Analytics file upload
2023-12-22 16:02:54
nvd
nvd
CVE-2023-42017
2023-12-22 16:15:07
prion
prion
Input validation
2023-12-22 16:15:00
cve
cve
CVE-2023-42017
2023-12-22 16:15:07
ibm
ibm