CVE-2021-38892 | IBM Planning Analytics/Planning Analytics Workspace DQM API access control (XFDB-209511)

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

1	32
0	20

source_cve_nvd_summary	1
advisory_confirm_url	1
exploit_price_trend	1
exploit_price_0day	1
vulnerability_cvss3_meta_tempscore	1

source_cve_nvd_summary

advisory_confirm_url

exploit_price_trend

exploit_price_0day

vulnerability_cvss3_meta_tempscore

90%	40
50%	10
70%	2

90%

50%

70%

90%	40
80%	10
70%	2

90%

80%

70%

ID	Commited	User	Field	Change	Remarks	Accepted	Reason	C
12050160	01/15/2022	VulD...	cve_nvd_summary	IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote threat actor who can access (without previous authentication) a valid PA endpoint to read and write files to the IBM Planning Analytics system. Depending on file system permissions up to path traversal and possibly remote code execution. IBM X-Force ID: 209511.	cve.mitre.org	01/15/2022	accepted	70
12050159	01/15/2022	VulD...	confirm_url	https://www.ibm.com/support/pages/node/6524704	cve.mitre.org	01/15/2022	accepted	70
12037360	01/12/2022	VulD...	price_trend	+	see exploit price documentation	01/12/2022	accepted	90
12037359	01/12/2022	VulD...	price_0day	$5k-$25k	see exploit price documentation	01/12/2022	accepted	90
12037358	01/12/2022	VulD...	cvss3_meta_tempscore	8.5	see CVSS documentation	01/12/2022	accepted	90
12037357	01/12/2022	VulD...	cvss3_meta_basescore	8.6	see CVSS documentation	01/12/2022	accepted	90
12037356	01/12/2022	VulD...	cvss3_vuldb_tempscore	7.0	see CVSS documentation	01/12/2022	accepted	90
12037355	01/12/2022	VulD...	cvss3_vuldb_basescore	7.3	see CVSS documentation	01/12/2022	accepted	90
12037354	01/12/2022	VulD...	cvss2_vuldb_tempscore	6.5	see CVSS documentation	01/12/2022	accepted	90
12037353	01/12/2022	VulD...	cvss2_vuldb_basescore	7.5	see CVSS documentation	01/12/2022	accepted	90
12037352	01/12/2022	VulD...	cvss3_cna_basescore	10.0	see CVSS documentation	01/12/2022	accepted	90
12037351	01/12/2022	VulD...	cvss3_vuldb_e	X	derived from historical data	01/12/2022	accepted	80
12037350	01/12/2022	VulD...	cvss2_vuldb_e	ND	derived from historical data	01/12/2022	accepted	80
12037349	01/12/2022	VulD...	cvss2_vuldb_rl	OF	derived from vuldb v3 vector	01/12/2022	accepted	80
12037348	01/12/2022	VulD...	cvss2_vuldb_rc	C	derived from vuldb v3 vector	01/12/2022	accepted	80
12037347	01/12/2022	VulD...	cvss2_vuldb_ai	P	derived from vuldb v3 vector	01/12/2022	accepted	80
12037346	01/12/2022	VulD...	cvss2_vuldb_ii	P	derived from vuldb v3 vector	01/12/2022	accepted	80
12037345	01/12/2022	VulD...	cvss2_vuldb_ci	P	derived from vuldb v3 vector	01/12/2022	accepted	80
12037344	01/12/2022	VulD...	cvss2_vuldb_au	N	derived from vuldb v3 vector	01/12/2022	accepted	80
12037343	01/12/2022	VulD...	cvss2_vuldb_ac	L	derived from vuldb v3 vector	01/12/2022	accepted	80

Commited

User

Field

Change

Remarks

Accepted

Reason

IBM Planning Analytics/Planning Analytics Workspace up to 2.0 DQM API access control

🔒 Login Required

Do you want to use VulDB in your project?