CVE-2021-39040Unrestricted File Upload in IBM Planning Analytics Workspace

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.0HIGHNVD
EPSS
0.2%
top 60.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Planning Analytics Workspace
Timeline
PublishedApr 25
Latest updateApr 26

Description

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-7v8x-4fxf-3hxx: IBM Planning Analytics Workspace 22022-04-26
CVEList
CVE-2021-39040: IBM Planning Analytics Workspace 22022-04-25
CVE-2021-39040 — Unrestricted File Upload in IBM | cvebase