Multiple vulnerabilities in IBM Planning Analytics Workspace



Published: 2022-09-12
Risk High
Patch available YES
Number of vulnerabilities 15
CVE-ID CVE-2021-27290
CVE-2021-20526
CVE-2019-11358
CVE-2020-11023
CVE-2020-11022
CVE-2021-20066
CVE-2021-32804
CVE-2021-32803
CVE-2021-23362
CVE-2020-7788
CVE-2020-7774
CVE-2020-28458
CVE-2021-22939
CVE-2021-22931
CVE-2021-23343
CWE-ID CWE-185
CWE-732
CWE-400
CWE-79
CWE-862
CWE-36
CWE-94
CWE-295
CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #9 is available.
Public exploit code for vulnerability #11 is available.
Vulnerable software
Subscribe
Planning Analytics Local
Client/Desktop applications / Office applications

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Incorrect Regular Expression

EUVDB-ID: #VU52194

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-27290

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect processing of SRIs. A remote attacker can pass specially crafted input to the application and perform regular expression denial of service (ReDoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Incorrect permission assignment for critical resource

EUVDB-ID: #VU67154

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-20526

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a failure when setting the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Prototype pollution

EUVDB-ID: #VU18092

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-11358

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to prototype pollution. A remote attacker can trick the extend function can into modifying the prototype of Object when the attacker controls part of the structure passed to this function. This can let an attacker add or modify an existing property that will then exist on all objects and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Cross-site scripting

EUVDB-ID: #VU27519

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-11023

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when passing <option> elements to jQuery’s DOM manipulation methods. A remote attacker can execute arbitrary JavaScript code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Cross-site scripting

EUVDB-ID: #VU27052

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-11022

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the regex operation in "jQuery.htmlPrefilter". A remote attacker can pass specially crafted data to the application that uses .html()</code>, <code>.append() or similar methods for it and execute arbitrary JavaScript code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Missing Authorization

EUVDB-ID: #VU67156

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-20066

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate local files.

The vulnerability exists due to JSDom improperly allows the loading of local resources. A remote attacker can manipulate local files using a malicious web page when script execution is enabled.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Absolute Path Traversal

EUVDB-ID: #VU58205

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-32804

CWE-ID: CWE-36 - Absolute Path Traversal

Exploit availability: No

Description

The vulnerability allows a remote attacker to overwrite arbitrary files on the system.

The vulnerability exists due to a logic issue when file paths contained repeated path roots such as ////home/user/.bashrc. node-tar would only strip a single path root from such paths. When given an absolute file path with repeating path roots, the resulting path (e.g. ///home/user/.bashrc) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Absolute Path Traversal

EUVDB-ID: #VU58206

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-32803

CWE-ID: CWE-36 - Absolute Path Traversal

Exploit availability: No

Description

The vulnerability allows a remote attacker to overwrite arbitrary files on the system.

The vulnerability exists due to a logic issue when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the node-tar directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where node-tar checks for symlinks occur.

By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Incorrect Regular Expression

EUVDB-ID: #VU61255

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-23362

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expression "shortcutMatch" in the "fromUrl" function. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Prototype pollution

EUVDB-ID: #VU66955

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-7788

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation when handling INI files. A remote attacker can pass a specially crafted INI file to the application and perform prototype pollution attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Prototype pollution

EUVDB-ID: #VU52909

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-7774

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary JavaScript code.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Resource exhaustion

EUVDB-ID: #VU67178

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-28458

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate data.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Improper Certificate Validation

EUVDB-ID: #VU61253

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-22939

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to incomplete validation of rejectUnauthorized parameter. A remote attacker can cause the connections to servers with an expired certificate would have been accepted.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Improper input validation

EUVDB-ID: #VU57498

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-22931

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Cluster: General (Node.js) component in MySQL Cluster. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

15) Incorrect Regular Expression

EUVDB-ID: #VU55315

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-23343

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in splitDeviceRe, splitTailRe, and splitPathRe regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Planning Analytics Local: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-12/
http://www.ibm.com/support/pages/node/6507095

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###