PT-2023-21390 · Ibm · Planning Analytics Cartridge For Cloud Pak For Data

Published: 2023-07-19 · Updated: 2023-07-28 · CVE-2023-27877

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Planning Analytics Cartridge for Cloud Pak for Data version 4.0

Description

The issue concerns an insecure password policy in the CouchDB server connected to IBM Planning Analytics Cartridge for Cloud Pak for Data. This allows an attacker to exploit the policy and collect sensitive information from the database.

Recommendations

For IBM Planning Analytics Cartridge for Cloud Pak for Data version 4.0, consider implementing a secure password policy for the CouchDB server to prevent exploitation. As a temporary workaround, restrict access to the CouchDB server to minimize the risk of sensitive information collection.

Fix

Improper Authentication

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2023-27877

Affected Products: Planning Analytics Cartridge For Cloud Pak For Data