PT-2021-22302 · Ibm · Ibm Planning Analytics

Published

2021-11-24

Updated

2021-11-24

CVE-2021-38873

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM Planning Analytics version 2.0

Description The issue is related to CSV Injection, where a remote attacker could execute arbitrary commands on the system due to improper validation of csv file contents. This allows for the potential execution of commands, posing a risk to the system's security.

Recommendations For IBM Planning Analytics version 2.0, consider implementing proper validation of csv file contents to prevent arbitrary command execution. As a temporary workaround, restrict the ability to upload or process csv files from untrusted sources until a fix is available.

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CVE-2021-38873

Affected Products

Ibm Planning Analytics

PT-2021-22302 · Ibm · Ibm Planning Analytics

CVE-2021-38873

Weakness Enumeration

Related Identifiers

Affected Products

References · 6