← Back

CVE-2024-40693

nvd nist
Published: Jan 24, 2025Modified: Mar 5, 2025

JSON object

Loading...
8.0
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: psirt@us.ibm.com (Secondary)

Description

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.

Affected (2)

Ibm
1 product
Planning Analytics
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Planning Analytics
Version 2.0
Planning Analytics
Version 2.1

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

Source: psirt@us.ibm.com
Vendor Advisory

Timeline

No history available yet.