PT-2021-12154 · Ibm · Ibm Planning Analytics Local

Published

2021-05-17

Updated

2021-05-24

CVE-2020-4670

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions IBM Planning Analytics Local version 2.0

Description The issue concerns the connection of IBM Planning Analytics Local to a Redis server, which is an in-memory data structure store. The Redis server, running on the remote host, lacks password authentication, making it accessible to unauthorized parties. A remote attacker can exploit this lack of protection to gain unauthorized access to the server.

Recommendations For IBM Planning Analytics Local version 2.0, consider implementing password authentication for the Redis server to prevent unauthorized access. As a temporary workaround, restrict access to the Redis server to minimize the risk of exploitation.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-4670

Affected Products

Ibm Planning Analytics Local

PT-2021-12154 · Ibm · Ibm Planning Analytics Local

CVE-2020-4670

Weakness Enumeration

Related Identifiers

Affected Products

References · 5