
Additional Information About CVE-2019-4716

2021-09-20 18:42:15
www.ibm.com

EPSS: 0.07 (Low), percentile 94.0%

On February 11th the following Security Bulletin was released: https://www.ibm.com/support/pages/node/1127781

This article provides important details about CVE-2019-4716. This vulnerability impacts the TM1 database component from IBM Planning Analytics Local and IBM Planning Analytics on Cloud versions 2.0.0 to 2.0.8.

This security vulnerability has been addressed in the IBM Planning Analytics 2.0.9 release. The vulnerability impacts the C API that is used by Architect, Perspectives and other TM1 client applications. The REST/ODATA API used by Planning Analytics Workspace and Planning Analytics for Microsoft Excel is not susceptible to this vulnerability.

This vulnerability may allow an unauthorized user to gain access to the Admin role in the TM1 database. With this permission, the perpetrator has full access to all metadata and data in the TM1 database. The perpetrator can create and execute TurboIntegrator processes, including the use of the ExecuteCommand TI function, which allows commands to be run on the host operating system with the same privileges as the account running the TM1 database process.

Within the IBM Planning Analytics on Cloud environment it is not possible to leverage this vulnerability without access to the rich client tier system that runs TM1 Architect, TM1 Perspectives, and Performance Modeler.

Within IBM Planning Analytics Local this vulnerability can only be used to target a TM1 database where the perpetrator has access to the TM1 CAPI port. This port number is determined by the PortNumber parameter in the tm1s.cfg file.

IBM recommends that Planning Analytics Local customers update to IBM Planning Analytics 2.0.9 to address this vulnerability. Interim Fixes can be made available for Planning Analytics 2.0.6 to 2.0.8. IBM Planning Analytics customers using 2.0.6 and lower are recommended to upgrade to 2.0.6 or higher. If an Interim Fix is required, please open a ticket with IBM Support.
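The following added example (not IBM code) shows one way to inventory Planning Analytics Local instances against the guidance above: it reads the PortNumber parameter from each tm1s.cfg and lists the CAPI ports of instances still in the affected range, so network access to them can be restricted until they are updated. The `[TM1S]` section name and `ServerName` parameter are assumed from the usual tm1s.cfg layout, and the instance names, ports, versions and status labels are constructed for illustration.

```python
import configparser

# Constructed inputs: tm1s.cfg text and installed version per instance.
SAMPLE_CFGS = {
    "finance": "[TM1S]\nServerName=Finance\n# CAPI listener\nPortNumber=12346\nHTTPPortNumber=8010\n",
    "sales": "[TM1S]\nServerName=Sales\nportnumber = 5001\n",
    "hr": "[TM1S]\nServerName=HR\nHTTPPortNumber=8012\n",
}
SAMPLE_VERSIONS = {"finance": "2.0.7", "sales": "2.0.9.1", "hr": "2.0.3"}


def classify(version):
    """Map an installed version onto the advisory's guidance (labels are hypothetical)."""
    parts = [int(p) for p in version.split(".")[:3]]
    v = tuple(parts + [0] * (3 - len(parts)))
    if v >= (2, 0, 9):
        return "fixed"
    if v >= (2, 0, 6):
        return "affected-interim-fix-eligible"  # 2.0.6 to 2.0.8
    if v >= (2, 0, 0):
        return "affected-upgrade-required"      # 2.0.0 to 2.0.5
    return "not-listed"                         # outside the range the advisory names


def capi_port(cfg_text):
    """Return (ServerName, PortNumber) from [TM1S]; the port is None when unset."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(cfg_text)
    for section in cp.sections():
        if section.upper() == "TM1S":
            raw = cp.get(section, "PortNumber", fallback=None)
            name = cp.get(section, "ServerName", fallback=None)
            return name, int(raw) if raw else None
    return None, None


def audit(cfgs, versions):
    """List affected instances and the CAPI port to restrict until they are patched."""
    findings = []
    for name, text in sorted(cfgs.items()):
        status = classify(versions[name])
        if status.startswith("affected"):
            server, port = capi_port(text)
            findings.append((server, port, status))
    return findings


if __name__ == "__main__":
    for server, port, status in audit(SAMPLE_CFGS, SAMPLE_VERSIONS):
        print(f"{server}: CAPI port {port or 'not set in tm1s.cfg'} -> {status}")
```

An instance reported with no port has no PortNumber line in its tm1s.cfg, so the effective port has to be confirmed on the server before access rules are written.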
