Lucene search

K
ibmIBMB526A52768AED728431E67B6F67F47FE20FD9BCA678B3FDDB4A9BCEC1C49792C
HistoryApr 22, 2022 - 11:53 p.m.

Security Bulletin: IBM Planning Analytics is affected by security vulnerabilities.

2022-04-2223:53:16
www.ibm.com
58

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

Summary

This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics Workspace 2.0.75.

Vulnerability Details

CVEID:CVE-2021-39040
**DESCRIPTION:**IBM Planning Analytics could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214025 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N)

CVEID:CVE-2022-22392
**DESCRIPTION:**IBM Planning Analytics Local could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222066 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-3918
**DESCRIPTION:**Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modification of object prototype attributes. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213750 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Planning Analytics Workspace 2.0

Remediation/Fixes

It is strongly recommended that you apply the most recent security updates:

Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 75 from Fix Central

This Security Bulletin is applicable to IBM Planning Analytics 2.0 on premise offerings. The vulnerabilities listed above have been addressed on IBM Planning Analytics with Watson and no further action is required.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm planning analytics localeqany

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

Related for B526A52768AED728431E67B6F67F47FE20FD9BCA678B3FDDB4A9BCEC1C49792C