HIGH🇬🇧 English

CVE-2022-22308

CVSS 7.8v3.1pub. 2022-02-21upd. 2024-11-21

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • IBM Planning Analytics

    APP
    Ibm
    2.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-4716CRITICAL9.8⚠ KEVten sam produkt

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthent...

CVE-2024-25034HIGH8.0ten sam produkt

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of ...

CVE-2024-40693HIGH8.0ten sam produkt

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content ...

CVE-2023-42017HIGH8.0ten sam produkt

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improp...

CVE-2022-22339HIGH7.3ten sam produkt

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticate...