CVE-2024-35143

2024-08-0413:15:57

CWE-306

[email protected]

web.nvd.nist.gov

ibm

planning analytics

mongodb

unauthorized access

remote attacker

x-force id

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

41.1%

JSON

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.

Affected configurations

Nvd

Node

ibmplanning_analytics_workspaceRange2.0–2.0.97

ibmplanning_analytics_workspaceRange2.1–2.1.4

Node

ibmplanning_analytics_localRange2.0–2.0.97

ibmplanning_analytics_localRange2.1.0–2.1.4

VendorProductVersionCPE
ibmplanning_analytics_workspace*cpe:2.3:a:ibm:planning_analytics_workspace:*:*:*:*:*:*:*:*
ibmplanning_analytics_local*cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	planning_analytics_workspace	*	cpe:2.3:a:ibm:planning_analytics_workspace::::::::
ibm	planning_analytics_local	*	cpe:2.3:a:ibm:planning_analytics_local::::::::