Unauthorized Access in IBM Planning Analytics Local with MongoDB Database
CVE-2020-4669
7.4HIGH
Summary
IBM Planning Analytics Local 2.0 interacts with a MongoDB instance, which is configured to accept connections without requiring password authentication. This misconfiguration allows remote attackers to access sensitive data stored in the database without proper authorization. The potential for unauthorized access poses significant risks, including manipulation of data and exposure of confidential information.
Affected Version(s)
Planning Analytics Local 2.0
References
CVSS V3.1
Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved