VDB
CVE-2023-42017
CVE-2023-42017
PUBLISHED
CVSS 8 HIGH
IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567.
EPSS 0.11% · 29.5th percentile
Risk Scores
CVSS 3.1
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.11%
29.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ibm | planning_analytics | 2.0 |
| IBM | Planning Analytics | 2.0 |
Timeline
- Dec 22, 2023 CVE Published
- Dec 23, 2023 EPSS Score
- Jan 21, 2024 EPSS Score
- Feb 19, 2024 EPSS Score
- Mar 19, 2024 EPSS Score
- Apr 17, 2024 EPSS Score
- May 16, 2024 EPSS Score
- Jun 14, 2024 EPSS Score
- Jul 13, 2024 EPSS Score
- Aug 2, 2024 CVE Updated
- Aug 10, 2024 EPSS Score
- Sep 8, 2024 EPSS Score