CVE-2024-25034

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.8HIGH
EPSS
0.2%
top 63.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Planning Analytics LocalIBM Planning Analytics
Timeline
PublishedJan 24

Description

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

NVDibm/planning_analytics2.0, 2.1+1
CVEListV5ibm/planning_analytics_local2.0, 2.1

🔴Vulnerability Details

2
CVEList
IBM Planning Analytics file upload2025-01-24
GHSA
GHSA-8crw-9p7v-xfx8: IBM Planning Analytics 22025-01-24
CVE-2024-25034 (HIGH CVSS 8.8) | IBM Planning Analytics 2.0 and 2.1 | cvebase.io