Remote Code Execution Vulnerability in IBM Planning Analytics Local by IBM
CVE-2020-4670

7.4HIGH

Key Information:

Vendor: IBM
Status: Planning Analytics Local
Vendor: CVE Published:; 17 May 2021

Summary

The IBM Planning Analytics Local 2.0 has a security concern due to its connection to a Redis server. The Redis server, configured without password authentication, exposes the system to potential unauthorized access by remote attackers. This vulnerability allows attackers to manipulate data and potentially control the Redis server, leading to unauthorized actions within the system.

Affected Version(s)

Planning Analytics Local 2.0

References

https://www.ibm.com/support/pages/node/6436821

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/186401

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2021
Vulnerability Reserved
Dec 30, 2019