PT-2019-17142 · Ibm · Ibm Planning Analytics

Published

2019-12-09

Updated

2019-12-11

CVE-2019-4612

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions IBM Planning Analytics version 2.0

Description The issue allows for malicious file upload in the My Account Portal. Attackers can exploit this weakness to upload malicious executable files into the system, which can then be sent to victims for further attacks.

Recommendations For IBM Planning Analytics version 2.0, consider restricting file upload capabilities in the My Account Portal until a fix is available. As a temporary workaround, implement strict validation and sanitization of uploaded files to minimize the risk of malicious file uploads.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2019-4612

Affected Products

Ibm Planning Analytics

PT-2019-17142 · Ibm · Ibm Planning Analytics

CVE-2019-4612

Weakness Enumeration

Related Identifiers

Affected Products

References · 4