CVE-2024-35143

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:planning_analytics_workspace:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics_workspace:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*

History

11 Sep 2024, 14:34

Type Values Removed Values Added
First Time Ibm planning Analytics Local
Ibm
Ibm planning Analytics Workspace
CVSS v2 : unknown
v3 : 6.7
v2 : unknown
v3 : 9.1
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/292420 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/292420 - Broken Link, VDB Entry
References () https://www.ibm.com/support/pages/node/7157110 - () https://www.ibm.com/support/pages/node/7157110 - Vendor Advisory
CPE cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics_workspace:*:*:*:*:*:*:*:*

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) IBM Planning Analytics Local 2.0 y 2.1 se conecta a un servidor MongoDB. MongoDB, un sistema de base de datos orientado a documentos, escucha en el puerto remoto y está configurado para permitir conexiones sin autenticación de contraseña. Un atacante remoto puede obtener acceso no autorizado a la base de datos. ID de IBM X-Force: 292420.

04 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-04 13:15

Updated : 2024-09-11 14:34


NVD link : CVE-2024-35143

Mitre link : CVE-2024-35143

CVE.ORG link : CVE-2024-35143


JSON object : View

Products Affected

ibm

  • planning_analytics_workspace
  • planning_analytics_local
CWE
CWE-306

Missing Authentication for Critical Function