Lucene search

[email protected]NVD:CVE-2021-39040

HistoryApr 25, 2022 - 4:16 p.m.

CVE-2021-39040

2022-04-2516:16:07

CWE-434

[email protected]

web.nvd.nist.gov

ibm

planning analytics workspace

vulnerability

file upload

validation

malicious file

executable files

ibm x-force

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.9%

JSON

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025.

Affected configurations

Nvd

Node

ibmplanning_analytics_workspaceMatch2.0

References

exchange.xforce.ibmcloud.com/vulnerabilities/214025

www.ibm.com/support/pages/node/6574003

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.9%

JSON

Related for NVD:CVE-2021-39040

prion1 cvelist1 cve1 ibm1