IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/292420 | Broken Link VDB Entry |
https://www.ibm.com/support/pages/node/7157110 | Vendor Advisory |
Configurations
History
11 Sep 2024, 14:34
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ibm planning Analytics Local
Ibm Ibm planning Analytics Workspace |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/292420 - Broken Link, VDB Entry | |
References | () https://www.ibm.com/support/pages/node/7157110 - Vendor Advisory | |
CPE | cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:* cpe:2.3:a:ibm:planning_analytics_workspace:*:*:*:*:*:*:*:* |
05 Aug 2024, 12:41
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
04 Aug 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-04 13:15
Updated : 2024-09-11 14:34
NVD link : CVE-2024-35143
Mitre link : CVE-2024-35143
CVE.ORG link : CVE-2024-35143
JSON object : View
Products Affected
ibm
- planning_analytics_workspace
- planning_analytics_local
CWE
CWE-306
Missing Authentication for Critical Function