CVE-2024-35143

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-35143
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/292420 Broken Link VDB Entry
https://www.ibm.com/support/pages/node/7157110 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:planning_analytics_workspace:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics_workspace:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*
History

11 Sep 2024, 14:34

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics_workspace:*:*:*:*:*:*:*:*
First Time Ibm planning Analytics Local
Ibm
Ibm planning Analytics Workspace
CVSS v2 : unknown
v3 : 6.7 		v2 : unknown
v3 : 9.1
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/292420 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/292420 - Broken Link, VDB Entry
References () https://www.ibm.com/support/pages/node/7157110 - () https://www.ibm.com/support/pages/node/7157110 - Vendor Advisory

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) IBM Planning Analytics Local 2.0 y 2.1 se conecta a un servidor MongoDB. MongoDB, un sistema de base de datos orientado a documentos, escucha en el puerto remoto y está configurado para permitir conexiones sin autenticación de contraseña. Un atacante remoto puede obtener acceso no autorizado a la base de datos. ID de IBM X-Force: 292420.

04 Aug 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-04 13:15

Updated : 2024-09-11 14:34

NVD link : CVE-2024-35143

Mitre link : CVE-2024-35143

CVE.ORG link : CVE-2024-35143

JSON object : View

Products Affected

ibm

  • planning_analytics_workspace
  • planning_analytics_local
CWE
CWE-306

Missing Authentication for Critical Function