IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HIBM Planning Analytics
APPIbm2.0
Related vulnerabilities
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthent...
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of ...
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content ...
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticate...
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed int...