PT-2025-2593 · IBM · IBM Planning Analytics

Published 2024-11-18 · Updated 2025-01-24 · CVE-2024-40693

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM Planning Analytics versions 2.0 through 2.1

Description

The issue concerns a malicious file upload risk due to the lack of validation of the content of uploaded files to the web interface. Attackers can exploit this weakness by uploading malicious executable files into the system, which can then be sent to victims for further attacks.

Recommendations

For IBM Planning Analytics versions 2.0 through 2.1, consider implementing validation of the content of files uploaded to the web interface to prevent malicious file uploads. As a temporary workaround, restrict access to the file upload feature in the web interface until a proper fix is applied. Avoid using the file upload feature in the affected versions until the issue is resolved.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2025-02170
CVE-2024-40693

Affected Products

IBM Planning Analytics