Unauthorized Access in IBM Planning Analytics Local with MongoDB Database
CVE-2020-4669

7.4HIGH

Key Information:

Vendor
IBM
Status
Planning Analytics Local
Vendor
CVE Published:
17 May 2021

Summary

IBM Planning Analytics Local 2.0 interacts with a MongoDB instance, which is configured to accept connections without requiring password authentication. This misconfiguration allows remote attackers to access sensitive data stored in the database without proper authorization. The potential for unauthorized access poses significant risks, including manipulation of data and exposure of confidential information.

Affected Version(s)

Planning Analytics Local 2.0

References

https://www.ibm.com/support/pages/node/6436821
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/186400
vdb-entryx_refsource_XF

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.