CVE-2024-35143

Name of the Vulnerable Software and Affected Versions IBM Planning Analytics Local versions 2.0 through 2.1

Description The issue concerns a lack of password authentication in MongoDB connections, allowing a remote attacker to gain unauthorized access to the database. This could potentially lead to data compromise.

Recommendations For versions 2.0 and 2.1, upgrade to a version that includes password authentication for MongoDB connections to prevent unauthorized access. As a temporary workaround, consider configuring MongoDB to require password authentication for all connections until a patch is available. Restrict access to the MongoDB server to minimize the risk of exploitation.