← Back

CVE-2024-25034

nvd nist
Published: Jan 24, 2025Modified: Mar 5, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.

Affected (2)

Ibm
1 product
Planning Analytics
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Planning Analytics
Version 2.0
Planning Analytics
Version 2.1

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

Source: psirt@us.ibm.com
Vendor Advisory

Timeline

No history available yet.