Malicious File Upload Vulnerability in IBM Planning Analytics Workspace
CVE-2021-39040

6.3MEDIUM

Key Information:

Vendor: IBM
Status: Planning Analytics Workspace
Vendor: CVE Published:; 25 April 2022

Summary

IBM Planning Analytics Workspace 2.0 may allow attackers to exploit an inadequate validation mechanism for uploaded files. This vulnerability enables unauthorized users to upload malicious executable files, posing a risk of further attacks on the system. Proper security measures should be implemented to verify file types and sizes to mitigate potential threats.

Affected Version(s)

Planning Analytics Workspace 2.0

References

https://www.ibm.com/support/pages/node/6574003

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/214025

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2022
Vulnerability Reserved
Aug 16, 2021