CVE-2020-4670 — Vulnetix

CVE-2020-4670 PUBLISHED CVSS 7.400000095367432 HIGH

IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.

EPSS 1.68% · 82.5th percentile

Risk Scores

CVSS 3.0

7.400000095367432

CVSS:3.0/PR:N/AC:H/S:U/AV:N/UI:N/C:H/A:N/I:H/RC:C/E:U/RL:O

EPSS Score

1.68%

82.5th percentile

Affected Products

Vendor	Product	Versions
ibm	planning_analytics_cloud	2.0.0
IBM	Planning Analytics Local	2.0
ibm	planning_analytics_local	2.0.0

Exploit Intelligence

https://www.ibm.com/support/pages/node/6436821 (circl)
ibm-planning-cve20204670-data-manipulation (186401) (circl)

Timeline

May 17, 2021 CVE Published
May 18, 2021 EPSS Score
May 25, 2021 EPSS Score
Jul 21, 2021 EPSS Score
Nov 21, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 21, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 24, 2022 EPSS Score
May 24, 2022 EPSS Score
Jul 26, 2022 EPSS Score
Sep 25, 2022 EPSS Score

References

https://www.ibm.com/support/pages/node/6436821 url
ibm-planning-cve20204670-data-manipulation (186401) vdb
https://nvd.nist.gov/vuln/detail/CVE-2020-4670 advisory

Open in Interactive Console →