CRITICAL🚩 CISA KEV⚑ EXPLOITπŸ‡΅πŸ‡± Wersja polska

CVE-2019-4716

CVSS 9.8v3.1pub. 2019-12-18upd. 2026-01-14

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Planning Analytics

    APP
    Ibm
    2.0 – 2.0.8

CISA KEV β€” detailsi

Vendori
IBM β†—
Producti
Planning Analytics
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.

πŸ”΄
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 3 maja 2022
CWE
References

Related vulnerabilities

CVE-2024-25034HIGH8.0ten sam produkt

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of ...

CVE-2024-40693HIGH8.0ten sam produkt

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content ...

CVE-2023-42017HIGH8.0ten sam produkt

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improp...

CVE-2022-22339HIGH7.3ten sam produkt

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticate...

CVE-2022-22308HIGH7.8ten sam produkt

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed int...

CVE-2019-4716 β€” Ibm β€” Planning Analytics β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl