Remote Code Execution Vulnerability in IBM Planning Analytics Local by IBM
CVE-2020-4670
7.4HIGH
Summary
The IBM Planning Analytics Local 2.0 has a security concern due to its connection to a Redis server. The Redis server, configured without password authentication, exposes the system to potential unauthorized access by remote attackers. This vulnerability allows attackers to manipulate data and potentially control the Redis server, leading to unauthorized actions within the system.
Affected Version(s)
Planning Analytics Local 2.0
References
CVSS V3.1
Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved