IBM Planning Analytics file upload
CVE-2023-42017

8HIGH

Key Information:

Vendor: IBM
Status: Planning Analytics
Vendor: CVE Published:; 22 December 2023

Badges

👾 Exploit Exists📰 News Worthy

Summary

The vulnerability discovered in IBM Planning Analytics Local 2.0 allows remote attackers to exploit improper validation of file extensions. By crafting an HTTP request, attackers may upload malicious scripts that enable them to execute arbitrary code on the affected system. This could lead to unauthorized access and manipulation of sensitive data, highlighting the importance of securing applications against file upload vulnerabilities.

Affected Version(s)

Planning Analytics 2.0

News Articles

CybersecurityNews

CVE-2023-42017 CVE-2024-51466

IBM Cognos Analytics Vulnerability Allows Malicious File Upload & Injection Attacks

IBM has released a critical security update for its Cognos Analytics software, addressing two severe vulnerabilities: CVE-2023-42017 and CVE-2024-51466.

1 month ago

References

https://www.ibm.com/support/pages/node/7096528

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/265567

vdb-entry

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Dec 26, 2024
📰
First article discovered by CybersecurityNews
Dec 26, 2024
Vulnerability published
Dec 22, 2023
Vulnerability Reserved
Sep 6, 2023

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

IBM Cognos Analytics Vulnerability Allows Malicious File Upload & Injection Attacks

References

CVSS V3.1

Timeline