Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME21A03E51F1261C87D33DBA092938073B7FB50D0A59DA0402DA1EDEF81113446
HistoryMay 07, 2024 - 7:21 p.m.

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

2024-05-0719:21:55
www.ibm.com
12
ibm planning analytics
open source software
vulnerabilities
node.js
cve-2023-39332
cve-2023-39333
cve-2023-39331
cve-2023-42282
cve-2023-3817
openssl

10 High

AI Score

Confidence

High

0.962 High

EPSS

Percentile

99.5%

JSON

Summary

There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local - Planning Analytics Workspace 2.0.95 by upgrading or removing the vulnerable libraries. Please refer to the table in the Related Information section for vulnerability impact. This Security Bulletin relates only to the direct usage of third-party components by IBM Planning Analytics Workspace, and not any nested dependencies within the product.

Vulnerability Details

CVEID:CVE-2023-39332
**DESCRIPTION:**Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass using non-Buffer Uint8Array objects. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the experimental permission model.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268788 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2023-39333
**DESCRIPTION:**Node.js could allow a remote attacker to gain unauthorized access to the system, caused by a code injection flaw. By using specially crafted export names in an imported WebAssembly module, an attacker could exploit this vulnerability to inject JavaScript code and gain access to restricted data and functions.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268790 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2023-39331
**DESCRIPTION:**Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass when verifying file permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the experimental permission model.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268787 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2023-42282
**DESCRIPTION:**Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a server-side request forgery flaw in the ip.isPublic() function. By sending a specially crafted request using a hexadecimal representation of a private IP address, an attacker could exploit this vulnerability to execute arbitrary code on the system and obtain sensitive information.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282923 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-3817
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-3446
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request using long DH keys or parameters, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261026 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-2975
**DESCRIPTION:**OpenSSL could allow a remote attacker to bypass security restrictions, caused by AES-SIV cipher implementation. By sending a specially-crafted request using empty data entries as associated data, an attacker could exploit this vulnerability to bypass authentication validation.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260817 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2023-2650
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256611 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-3602
**DESCRIPTION:**OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate verification. By using a specially-crafted email address, a remote attacker could overflow a buffer and execute arbitrary code or cause the application to crash.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239161 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2023-4807
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in the POLY1305 MAC (message authentication code) implementation, when running on newer X86_64 processors supporting the AVX512-IFMA instructions. A local authenticated attacker could exploit this vulnerability to cause an incorrect result of some application dependent calculations or a crash or in some cases gain complete control of the application process.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265578 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-38552
**DESCRIPTION:**Node.js could allow a remote attacker to bypass security restrictions, caused by the circumvention of integrity checks by the policy feature. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the experimental permission model.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268789 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2020-13936
**DESCRIPTION:**Apache Velocity could allow a remote attacker to execute arbitrary code on the system, caused by a sandbox bypass flaw. By modifying the Velocity templates, an attacker could exploit this vulnerability to execute arbitrary code with the same privileges as the account running the Servlet container.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197993 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-22066
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268799 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20975
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279644 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22068
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268800 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22078
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268802 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22103
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268819 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22097
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268818 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22114
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268826 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22070
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268801 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22059
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268796 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22032
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268795 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-22259
**DESCRIPTION:**VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in UriComponentsBuilder. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285631 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)

CVEID:CVE-2024-28176
**DESCRIPTION:**Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a specially crafted request, a remote attacker could exploit this vulnerability to consume unreasonable amount of CPU time or memory, and results in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285538 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-26159
**DESCRIPTION:**follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/278622 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2024-21896
**DESCRIPTION:**Node.js could allow a remote attacker to traverse directories on the system. By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, an attacker could send a specially crafted URL request containing “dot dot” sequences (/…/) to read arbitrary files on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282989 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2023-46809
**DESCRIPTION:**Node.js could allow a remote attacker to obtain sensitive information, caused by a vulnerability in the privateDecrypt() API of the crypto library. An attacker could exploit this vulnerability to conduct a covert timing side-channel during PKCS#1 v1.5 padding error handling and obtain significant timing differences in decryption for valid and invalid ciphertexts.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282990 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2024-21892
**DESCRIPTION:**Node.js could allow a local authenticated attacker to gain elevated privileges on the system, caused by a bug in the implementation of the exception of CAP_NET_BIND_SERVICE. An attacker could exploit this vulnerability to inject code that inherits the process’s elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282986 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2024-22017
**DESCRIPTION:**Node.js could allow a local attacker to gain elevated privileges on the system, caused by the failure of setuid() to drop all privileges due to io_uring. An attacker could exploit this vulnerability to perform privileged operations.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282987 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2024-21891
**DESCRIPTION:**Node.js could allow a remote attacker to bypass security restrictions, caused by improper path traversal sequence sanitization. By using a path traversal attack, an attacker could exploit this vulnerability leading to filesystem permission model bypass.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282991 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2024-22019
**DESCRIPTION:**Node.js is vulnerable to a denial of service, caused by an error when reading unprocessed HTTP request with unbounded chunk extension. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to exhaust all available resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282988 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-21890
**DESCRIPTION:**Node.js could allow a remote attacker to bypass security restrictions, caused by the improper handling of wildcards in --allow-fs-read and --allow-fs-write. An attacker could exploit this vulnerability to gain access to the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/282992 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2023-45857
**DESCRIPTION:**Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKEN header using the secret XSRF-TOKEN cookie value in all requests to any server when the XSRF-TOKEN0 cookie is available, and the withCredentials setting is turned on, an attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270574 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)

CVEID:CVE-2023-22064
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268797 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20973
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279645 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21976
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253089 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22111
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: UDF component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268822 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20965
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Cluster: General component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279668 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20963
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Security: Encryption component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279669 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21972
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: DML component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253087 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22115
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: DML component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268827 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20981
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: DDL component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279642 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20971
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279665 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22065
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268798 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20969
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: DDL component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279666 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVEID:CVE-2023-22110
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268821 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20977
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279643 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22104
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268820 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21980
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Client programs component could allow an remote authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253093 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-21977
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253090 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21982
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253095 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20961
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279670 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22112
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268824 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22092
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268816 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22079
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268803 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20985
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: UDF component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279640 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22007
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Replication component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260996 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22113
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Security: Encryption component could allow a remote authenticated attacker to cause low confidentiality impact.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268825 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2024-20983
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: DML component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279641 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20967
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Replication component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279667 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVEID:CVE-2023-22084
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268804 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-25710
**DESCRIPTION:**Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283472 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-26308
**DESCRIPTION:**Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a specially crafted Pack200 file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283469 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-26136
**DESCRIPTION:**Salesforce tough-cookie could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259555 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2023-48795
**DESCRIPTION:**OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when used with certain OpenSSH extensions. A remote attacker could exploit this vulnerability to launch a machine-in-the-middle attack and strip an arbitrary number of messages after the initial key exchange, breaking SSH extension negotiation and downgrading the client connection security.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275282 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)

CVEID:CVE-2024-22243
**DESCRIPTION:**VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability when using UriComponentsBuilder to parse an externally provided URL. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)

**IBM X-Force ID:**239927
**DESCRIPTION:**Python Cryptographic Authority cryptography is vulnerable to a buffer overflow, caused by improper bounds checking by the OpenSSL library. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239927 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**IBM X-Force ID:**281585
**DESCRIPTION:**Node.js nodemailer module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By providing specially crafted regex input using the attachDataUrls parameter, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281585 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Planning Analytics Local - Planning Analytics Workspace 2.1
IBM Planning Analytics Local - Planning Analytics Workspace 2.0

Remediation/Fixes

It is strongly recommended that you apply the most recent security updates:

Affected Product(s) Version Fix
IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1 Download IBM Planning Analytics Local v2.1: Planning Analytics Workspace Release 2 (2.1.2) from Fix Central
IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 95 from Fix Central

IBM Planning Analytics Workspace cloud environments have been remediated.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm planning analytics localeqany

Related

nessus 55
ubuntu 3
osv 16
openvas 34
ibm 28
photon 8
freebsd 2
redhat 13
almalinux 7
rocky 5
oraclelinux 7
f5 3
fedora 3
atlassian 2
mageia 3
ubuntucve 1
cve 2
debiancve 2
github 1
cvelist 2
cloudfoundry 1
aix 1
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : MySQL vulnerabilities (USN-6459-1)
2023-10-30 00:00:00
FreeBSD : MySQL -- Multiple vulnerabilities (22df5074-71cd-11ee-85eb-84a93843eb75)
2023-10-23 00:00:00
Node.js 18.x < 18.19.1 / 20.x < 20.11.1 / 21.x < 21.6.2 Multiple Vulnerabilities (Wednesday February 14 2024 Security Releases).
2024-02-21 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2023-10-30 00:00:00
MySQL vulnerabilities
2024-01-30 00:00:00
OpenSSL vulnerabilities
2023-10-24 00:00:00
osv
osv
mysql-8.0 vulnerabilities
2023-10-30 13:22:59
Important: nodejs:20 security update
2024-04-08 00:00:00
Important: nodejs:20 security update
2024-04-08 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6459-1)
2023-10-31 00:00:00
Oracle MySQL Server 8.x <= 8.0.34, 8.1.0 Security Update (cpuoct2023) - Linux
2023-10-18 00:00:00
Oracle MySQL Server 8.x <= 8.0.34, 8.1.0 Security Update (cpuoct2023) - Windows
2023-10-18 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by vulnerabilities in Oracle MySQL
2024-02-01 15:30:03
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
2024-03-19 17:46:28
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.15 and earlier
2024-03-19 20:32:38
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0147
2023-11-18 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0518
2023-11-22 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0686
2023-11-11 00:00:00
freebsd
freebsd
MySQL -- Multiple vulnerabilities
2023-10-17 00:00:00
NodeJS -- Vulnerabilities
2024-02-14 00:00:00
redhat
redhat
(RHSA-2024:1688) Important: nodejs:20 security update
2024-04-08 08:32:51
(RHSA-2024:1687) Important: nodejs:20 security update
2024-04-08 08:32:43
(RHSA-2024:1880) Important: nodejs:18 security update
2024-04-18 00:58:51
almalinux
almalinux
Important: nodejs:20 security update
2024-04-08 00:00:00
Important: nodejs:20 security update
2024-04-08 00:00:00
Moderate: mysql:8.0 security update
2024-02-20 00:00:00
rocky
rocky
nodejs:20 security update
2024-05-06 13:05:29
nodejs:20 security update
2024-05-06 13:04:21
nodejs:18 security update
2024-03-27 04:34:32
oraclelinux
oraclelinux
nodejs:20 security update
2024-04-08 00:00:00
nodejs:20 security update
2024-04-08 00:00:00
mysql security update
2024-03-06 00:00:00
f5
f5
K000138460 : Multiple MySQL vulnerabilities
2024-02-02 00:00:00
K000139558 : Node.js vulnerabilities CVE-2023-46809, CVE-2024-21892, and CVE-2024-22019
2024-05-09 00:00:00
K000137330 : Node.JS vulnerabilities CVE-2023-38552, CVE-2023-39331, CVE-2023-39332, and CVE-2023-3933
2023-10-24 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: nodejs20-20.8.1-1.fc39
2023-11-03 18:59:18
[SECURITY] Fedora 38 Update: nodejs20-20.8.1-1.fc38
2023-10-26 01:51:49
[SECURITY] Fedora 37 Update: nodejs20-20.8.1-1.fc37
2023-10-26 01:35:05
atlassian
atlassian
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bamboo Data Center and Server
2024-04-12 01:11:10
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bitbucket Data Center and Server
2024-05-10 10:10:53
mageia
mageia
Updated nodejs yarnpkg packages fix security vulnerabilities
2024-02-23 01:20:27
Updated openssl packages fix security vulnerability
2023-09-11 16:07:54
Updated quictls packages fix security vulnerabilities
2023-09-30 22:15:40
ubuntucve
ubuntucve
CVE-2024-22259
2024-03-16 00:00:00
cve
cve
CVE-2024-22259
2024-03-16 05:15:20
CVE-2024-22262
2024-04-16 06:15:46
debiancve
debiancve
CVE-2024-22259
2024-03-16 05:15:20
CVE-2024-22262
2024-04-16 06:15:46
github
github
Spring Framework URL Parsing with Host Validation Vulnerability
2024-03-16 06:30:27
cvelist
cvelist
CVE-2024-22259 CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)
2024-03-16 04:40:08
CVE-2024-22262 CVE-2024-22262: Spring Framework URL Parsing with Host Validation
2024-04-16 05:54:12
cloudfoundry
cloudfoundry
USN-6450-1: OpenSSL vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
aix
aix
Multiple vulnerabilities in OpenSSL affect AIX
2023-09-11 10:43:54

10 High

AI Score

Confidence

High

0.962 High

EPSS

Percentile

99.5%

JSON
Related for E21A03E51F1261C87D33DBA092938073B7FB50D0A59DA0402DA1EDEF81113446
nessus55ubuntu3osv16openvas34ibm28photon8freebsd2redhat13almalinux7rocky5oraclelinux7f53fedora3atlassian2mageia3ubuntucve1cve2debiancve2github1cvelist2cloudfoundry1aix1