Skip to main content

Planning Analytics CVE-2022-22308

HIGH
Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
2022-02-21 psirt@us.ibm.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 21, 2022 - 18:15 nvd
HIGH 7.8

DescriptionNVD

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891.

AnalysisAI

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-829. IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891. Affected products include: Ibm Planning Analytics.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-4716 CRITICAL POC
9.8 Dec 18

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated use

CVE-2023-42017 CRITICAL
9.8 Dec 22

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validat

CVE-2019-4612 HIGH
8.8 Dec 09

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Rated high severity (CVSS 8.

CVE-2021-38873 HIGH
7.8 Nov 24

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerabilit

CVE-2022-22339 HIGH
7.3 Apr 08

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 7.3), this vul

CVE-2020-4764 MEDIUM
6.5 Dec 18

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute maliciou

CVE-2020-4648 MEDIUM
6.5 Aug 19

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified

CVE-2020-4653 MEDIUM
6.1 Aug 19

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rat

CVE-2019-4134 MEDIUM
6.1 Jul 02

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability i

CVE-2020-4527 MEDIUM
5.9 Jul 20

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set t

CVE-2021-29852 MEDIUM
5.4 Sep 01

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability i

CVE-2021-20477 MEDIUM
5.4 Jun 29

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability i

Share

CVE-2022-22308 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy