CVE-2019-4716

Name of the Vulnerable Software and Affected Versions IBM Planning Analytics versions 2.0.0 through 2.0.8

Description The issue is related to a configuration overwrite that allows an unauthenticated user to login as admin and then execute code as root or SYSTEM via TM1 scripting. This is due to insufficient path validation, which can be exploited by a remote attacker to elevate privileges and execute arbitrary code using a TM1 script.

Recommendations For IBM Planning Analytics versions 2.0.0 through 2.0.8, consider disabling TM1 scripting until a patch is available to prevent remote code execution. Restrict access to the admin account to minimize the risk of exploitation. Avoid using TM1 scripting for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.