CVE-2020-4670

7.4HIGH

Key Information:

Vendor: IBM
Status: Planning Analytics Local
Vendor: CVE Published:; 17 May 2021

Summary

IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.

Affected Version(s)

Planning Analytics Local 2.0

References

https://www.ibm.com/support/pages/node/6436821

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/186401

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2021
Vulnerability Reserved
Dec 30, 2019