CVE-2020-4670

IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:planning_analytics_cloud:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics_local:2.0.0:*:*:*:*:*:*:*

History

24 May 2021, 15:10

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 6.4
v3 : 9.1
CPE cpe:2.3:a:ibm:planning_analytics_cloud:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics_local:2.0.0:*:*:*:*:*:*:*
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/186401 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/186401 - VDB Entry, Vendor Advisory
References (CONFIRM) https://www.ibm.com/support/pages/node/6436821 - (CONFIRM) https://www.ibm.com/support/pages/node/6436821 - Patch, Vendor Advisory
CWE CWE-287

Information

Published : 2021-05-17 17:15

Updated : 2024-02-04 21:47


NVD link : CVE-2020-4670

Mitre link : CVE-2020-4670

CVE.ORG link : CVE-2020-4670


JSON object : View

Products Affected

ibm

  • planning_analytics_local
  • planning_analytics_cloud
CWE
CWE-306

Missing Authentication for Critical Function