CVE-2022-22392 — Unrestricted File Upload in IBM Planning Analytics Workspace

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 51.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Planning Analytics Workspace

Timeline

PublishedApr 25

Latest updateApr 26

Description

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/planning_analytics_workspace2.0

▶NVDibm/planning_analytics_workspace2.0

🔴Vulnerability Details

GHSA

GHSA-8973-w8wf-mxh6: IBM Planning Analytics Local 2↗2022-04-26

▶

CVEList

CVE-2022-22392: IBM Planning Analytics Local 2↗2022-04-25

▶