Remote Code Execution Vulnerability in IBM Planning Analytics Local by IBM
CVE-2020-4670

7.4 HIGH

Key Information:

Vendor: IBM
CVE Published: 17 May 2021

Summary

IBM Planning Analytics Local 2.0 connects to a Redis server that is configured without password authentication. Because no credentials are required, a remote attacker can gain unauthorized access to the Redis server, manipulate its data and potentially take control of it, leading to unauthorized actions within the system.

Affected Version(s)

Planning Analytics Local 2.0

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
