HIGH🇵🇱 Wersja polska

CVE-2023-42017

CVSS 8.0v3.1pub. 2023-12-22upd. 2024-11-21

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • IBM Planning Analytics

    APP
    Ibm
    2.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2019-4716CRITICAL9.8⚠ KEVten sam produkt

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthent...

CVE-2024-25034HIGH8.0ten sam produkt

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of ...

CVE-2024-40693HIGH8.0ten sam produkt

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content ...

CVE-2022-22339HIGH7.3ten sam produkt

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticate...

CVE-2022-22308HIGH7.8ten sam produkt

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed int...