HIGH🇬🇧 English

CVE-2024-25034

CVSS 8.0v3.1pub. 2025-01-24upd. 2025-03-05

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • IBM Planning Analytics

    APP
    Ibm
    2.02.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-4716CRITICAL9.8⚠ KEVten sam produkt

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthent...

CVE-2024-40693HIGH8.0ten sam produkt

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content ...

CVE-2023-42017HIGH8.0ten sam produkt

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improp...

CVE-2022-22339HIGH7.3ten sam produkt

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticate...

CVE-2022-22308HIGH7.8ten sam produkt

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed int...

CVE-2024-25034 — HIGH 8.0 | CVEbaza.pl