CVE-2019-4716

Sažetak

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.

Reference

http://packetstormsecurity.com/files/156953/IBM-Cognos-TM1-IBM-Planning-Analytics-Server-Configuration-Overwrite-Code-Execution.html
http://seclists.org/fulldisclosure/2020/Mar/44
https://exchange.xforce.ibmcloud.com/vulnerabilities/172094
https://www.ibm.com/support/pages/node/1127781
http://packetstormsecurity.com/files/156953/IBM-Cognos-TM1-IBM-Planning-Analytics-Server-Configuration-Overwrite-Code-Execution.html
http://seclists.org/fulldisclosure/2020/Mar/44
https://exchange.xforce.ibmcloud.com/vulnerabilities/172094
https://www.ibm.com/support/pages/node/1127781
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-4716

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

27-10-2025 - 14:16

Objavljeno

18-12-2019 - 17:16