1. Home
  2. CVE Database
  3. CVE-2024-25034
HIGH · 8.0

CVE-2024-25034

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload ma...

Vulnerability Description

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
IbmPlanning Analytics2.0

Related Weaknesses (CWE)

CWE-434

References

FAQ

What is CVE-2024-25034?

CVE-2024-25034 is a vulnerability with a CVSS score of 8.0 (HIGH). IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload ma...

How severe is CVE-2024-25034?

CVE-2024-25034 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-25034?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Planning Analytics.