Vulnerability Details CVE-2019-4716
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.77
EPSS Ranking 98.9%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 10.0
Proposed Action
IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/156953/IBM-Cognos-TM1-IBM-Planning-Analytics-Server-Configuration-Overwrite-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Mar/44
- https://exchange.xforce.ibmcloud.com/vulnerabilities/172094
- https://www.ibm.com/support/pages/node/1127781
- http://packetstormsecurity.com/files/156953/IBM-Cognos-TM1-IBM-Planning-Analytics-Server-Configuration-Overwrite-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Mar/44
- https://exchange.xforce.ibmcloud.com/vulnerabilities/172094
- https://www.ibm.com/support/pages/node/1127781
Products affected by CVE-2019-4716
-
cpe:2.3:a:ibm:planning_analytics:2.0
-
cpe:2.3:a:ibm:planning_analytics:2.0.1
-
cpe:2.3:a:ibm:planning_analytics:2.0.2
-
cpe:2.3:a:ibm:planning_analytics:2.0.3
-
cpe:2.3:a:ibm:planning_analytics:2.0.4
-
cpe:2.3:a:ibm:planning_analytics:2.0.5
-
cpe:2.3:a:ibm:planning_analytics:2.0.6
-
cpe:2.3:a:ibm:planning_analytics:2.0.7
-
cpe:2.3:a:ibm:planning_analytics:2.0.8