CVE-2021-38892

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-38892
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

11 Feb 2022, 18:15

Type Values Removed Values Added
CWE CWE-22
Summary IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote threat actor who can access (without previous authentication) a valid PA endpoint to read and write files to the IBM Planning Analytics system. Depending on file system permissions up to path traversal and possibly remote code execution. IBM X-Force ID: 209511. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVSS v2 : 7.5
v3 : 9.8 		v2 : unknown
v3 : unknown
CPE cpe:2.3:a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*
References
  • {'url': 'https://www.ibm.com/support/pages/node/6524704', 'name': 'https://www.ibm.com/support/pages/node/6524704', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • {'url': 'https://exchange.xforce.ibmcloud.com/vulnerabilities/209511', 'name': 'ibm-planning-cve202138892-code-exec (209511)', 'tags': ['VDB Entry', 'Vendor Advisory'], 'refsource': 'XF'}

20 Jan 2022, 13:53

Type Values Removed Values Added
CWE CWE-22
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/209511 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/209511 - VDB Entry, Vendor Advisory
References (CONFIRM) https://www.ibm.com/support/pages/node/6524704 - (CONFIRM) https://www.ibm.com/support/pages/node/6524704 - Patch, Vendor Advisory
CPE cpe:2.3:a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 7.5
v3 : 9.8

12 Jan 2022, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-01-12 17:15

Updated : 2024-02-04 22:08

NVD link : CVE-2021-38892

Mitre link : CVE-2021-38892

CVE.ORG link : CVE-2021-38892

JSON object : View

Products Affected

No product.

CWE

No CWE.