#VU59560 Improper Authentication in Planning Analytics Local - CVE-2021-38892

Published: January 12, 2022


Vulnerability identifier: #VU59560
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2021-38892
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Planning Analytics Local
Software vendor:
IBM Corporation

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists because the DQM API allows all control requests to be submitted in unauthenticated sessions. A remote attacker who can reach a valid PA endpoint can read and write files on the IBM Planning Analytics system without authenticating.

Successful exploitation of the vulnerability may result in complete compromise of the system.
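The following is an added, hypothetical illustration of the CWE-287 pattern described above; it is not IBM code and does not model the real DQM API, its endpoints or its request format. It contrasts a dispatcher that honours every control request regardless of session state with one that refuses privileged control requests (file read/write) unless the session is authenticated. All names (Session, ControlRequest, FileStore, dispatch_vulnerable, dispatch_hardened) are invented for the example.

```python
"""Illustrative model of CWE-287 (improper authentication) on a control API.

Added example, not IBM code: the session/request shapes and the file store
are hypothetical stand-ins, not the Planning Analytics DQM API.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Session:
    """Minimal server-side session record (hypothetical)."""
    session_id: str
    authenticated: bool = False
    user: Optional[str] = None


@dataclass
class ControlRequest:
    """A control request such as a file read or write (hypothetical shape)."""
    op: str            # "read_file" | "write_file" | "ping"
    path: str = ""
    data: str = ""


class FileStore:
    """In-memory stand-in for the server's file system."""

    def __init__(self) -> None:
        self.files: Dict[str, str] = {}

    def handle(self, req: ControlRequest) -> str:
        if req.op == "read_file":
            return self.files.get(req.path, "")
        if req.op == "write_file":
            self.files[req.path] = req.data
            return "ok"
        if req.op == "ping":
            return "pong"
        raise ValueError(f"unknown op {req.op!r}")


class AuthError(PermissionError):
    """Raised when a privileged control request arrives on an unauthenticated session."""


# Control operations that must never run without an authenticated session.
PRIVILEGED_OPS = frozenset({"read_file", "write_file"})


def dispatch_vulnerable(store: FileStore, session: Session, req: ControlRequest) -> str:
    """Flawed dispatcher: a session object is passed in but its state is never
    checked, so any client that can reach the endpoint can read or write files."""
    return store.handle(req)


def dispatch_hardened(store: FileStore, session: Session, req: ControlRequest) -> str:
    """Fixed dispatcher: privileged control requests require an authenticated
    session; harmless operations such as ping may stay unauthenticated."""
    if req.op in PRIVILEGED_OPS and not session.authenticated:
        raise AuthError(f"session {session.session_id} is not authenticated for {req.op}")
    return store.handle(req)


def demo() -> tuple:
    """Send the same unauthenticated write through both dispatchers.
    Returns (content the vulnerable path wrote, whether the hardened path refused)."""
    anon = Session(session_id="s-anon")           # never logged in
    req = ControlRequest(op="write_file", path="/data/config.ini", data="admin=1")

    vulnerable_store = FileStore()
    dispatch_vulnerable(vulnerable_store, anon, req)   # succeeds: no auth check

    hardened_store = FileStore()
    refused = False
    try:
        dispatch_hardened(hardened_store, anon, req)
    except AuthError:
        refused = True
    return vulnerable_store.files.get("/data/config.ini", ""), refused


if __name__ == "__main__":
    written, refused = demo()
    print("vulnerable dispatcher wrote:", repr(written))
    print("hardened dispatcher refused unauthenticated write:", refused)
```

The practitioner's check is the one in `dispatch_hardened`: the authentication decision must be made per request on the server side, keyed on the session's verified state, rather than assumed from the fact that a request reached the endpoint.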


Remediation

Install updates from the vendor's website.

External links