CVE-2024-35143

Severity: 9.1 CRITICAL
EPSS: 0.1% (top 75.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 4

Description

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.4 | Impact: 5.2

Affected Packages (3 packages)

NVD | ibm/planning_analytics_local | 2.0 2.0.97 +1
CVEListV5 | ibm/planning_analytics_local | 2.0, 2.1
NVD | ibm/planning_analytics_workspace | 2.0 2.0.97 +1

Vulnerability Details (2)

CVEList | IBM Planning Analytics Local missing authentication | 2024-08-04
GHSA | GHSA-7jrh-j28c-296f: IBM Planning Analytics Local 2 | 2024-08-04