Lucene search

IbmCVELIST:CVE-2021-39040

HistoryApr 22, 2022 - 12:00 a.m.

CVE-2021-39040

2022-04-2200:00:00

ibm

www.cve.org

ibm

planning analytics

workspace 2.0

vulnerability

malicious file upload

file validation

executable files

x-force id 214025

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025.

CNA Affected

[
  {
    "product": "Planning Analytics Workspace",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/214025

www.ibm.com/support/pages/node/6574003