PT-2025-2386 · IBM · IBM Planning Analytics

Published: 2024-02-03 · Updated: 2025-01-24 · CVE-2024-25034

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics versions 2.0 through 2.1

Description: The issue concerns a malicious file upload weakness due to the lack of file type validation in the File Manager T1 process. This allows attackers to upload malicious executable files into the system, which can then be sent to victims to perform further attacks.

Recommendations: For IBM Planning Analytics versions 2.0 and 2.1, consider implementing validation for file types in the File Manager T1 process to prevent malicious file uploads. As a temporary workaround, restrict access to the File Manager T1 process until a proper fix is applied. Avoid using the File Manager T1 process for uploading files from untrusted sources until the issue is resolved.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2025-02171
CVE-2024-25034

Affected Products

IBM Planning Analytics