CVE-2023-42017

Name of the Vulnerable Software and Affected Versions IBM Planning Analytics Local version 2.0

Description The issue allows a remote attacker to upload arbitrary files due to the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system.

Recommendations For IBM Planning Analytics Local version 2.0, consider restricting access to file upload functionality until a patch is available. As a temporary workaround, disabling the file upload feature could minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.