CVE-2021-38892

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

07 Nov 2023, 03:37

Type Values Removed Values Added
Summary ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

11 Feb 2022, 18:15

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*
Summary IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote threat actor who can access (without previous authentication) a valid PA endpoint to read and write files to the IBM Planning Analytics system. Depending on file system permissions up to path traversal and possibly remote code execution. IBM X-Force ID: 209511. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
References
  • {'url': 'https://www.ibm.com/support/pages/node/6524704', 'name': 'https://www.ibm.com/support/pages/node/6524704', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • {'url': 'https://exchange.xforce.ibmcloud.com/vulnerabilities/209511', 'name': 'ibm-planning-cve202138892-code-exec (209511)', 'tags': ['VDB Entry', 'Vendor Advisory'], 'refsource': 'XF'}
CWE CWE-22
CVSS v2 : 7.5
v3 : 9.8
v2 : unknown
v3 : unknown

20 Jan 2022, 13:53

Type Values Removed Values Added
First Time Ibm planning Analytics Workspace
Ibm planning Analytics
Ibm
References (CONFIRM) https://www.ibm.com/support/pages/node/6524704 - (CONFIRM) https://www.ibm.com/support/pages/node/6524704 - Patch, Vendor Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/209511 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/209511 - VDB Entry, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*
CWE CWE-22

12 Jan 2022, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-12 17:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-38892

Mitre link : CVE-2021-38892

CVE.ORG link : CVE-2021-38892


JSON object : View

Products Affected

No product.

CWE

No CWE.