CVE-2019-4716
10
CVSS:3.0/UI:N/AC:L/PR:N/I:H/S:C/AV:N/C:H/A:H/RC:C/RL:O/E:U
Summary
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Planning Analytics | 2.0.0 | affected |
| IBM | Planning Analytics | 2.0.8 | affected |
Weaknesses
- Gain Access
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/1127781
- https://exchange.xforce.ibmcloud.com/vulnerabilities/172094
- http://seclists.org/fulldisclosure/2020/Mar/44
- http://packetstormsecurity.com/files/156953/IBM-Cognos-TM1-IBM-Planning-Analytics-Server-Configuration-Overwrite-Code-Execution.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
References
- https://www.ibm.com/support/pages/node/1127781
- https://exchange.xforce.ibmcloud.com/vulnerabilities/172094
- http://seclists.org/fulldisclosure/2020/Mar/44
- http://packetstormsecurity.com/files/156953/IBM-Cognos-TM1-IBM-Planning-Analytics-Server-Configuration-Overwrite-Code-Execution.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.