CVE-2023-42017 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-42017 PUBLISHED CVSS 8 HIGH

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567.

EPSS 0.22% · 44.5th percentile

Risk Scores

CVSS v3.1

8

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Score

0.22%

44.5th percentile

Affected Products

Vendor	Product	Versions
ibm	planning_analytics	2.0
IBM	Planning Analytics	2.0

Timeline

Dec 22, 2023 CVE Published
Dec 23, 2023 EPSS Score
Jan 20, 2024 EPSS Score
Feb 18, 2024 EPSS Score
Mar 17, 2024 EPSS Score
Apr 14, 2024 EPSS Score
May 13, 2024 EPSS Score
Jun 10, 2024 EPSS Score
Jul 8, 2024 EPSS Score
Aug 2, 2024 CVE Updated
Aug 6, 2024 EPSS Score
Sep 3, 2024 EPSS Score

References

https://www.ibm.com/support/pages/node/7096528 vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/265567 vdb
https://nvd.nist.gov/vuln/detail/CVE-2023-42017 advisory

Open in Interactive Console →