CVE-2024-40693Unrestricted File Upload in IBM Planning Analytics Local

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.0HIGHNVD
EPSS
0.2%
top 63.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Planning Analytics LocalIBM Planning Analytics
Timeline
PublishedJan 24

Description

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

NVDibm/planning_analytics2.0, 2.1+1
CVEListV5ibm/planning_analytics_local2.0, 2.1

🔴Vulnerability Details

2
CVEList
IBM Planning Analytics file upload2025-01-24
GHSA
GHSA-38fw-44gr-hrfp: IBM Planning Analytics 22025-01-24