Vulnerability Details : CVE-2019-4716
Public exploit exists!
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.
Vulnerability category: Execute code
Products affected by CVE-2019-4716
- cpe:2.3:a:ibm:planning_analytics:*:*:*:*:*:*:*:*
CVE-2019-4716 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
IBM Planning Analytics Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2019-4716
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2019-4716
12.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-4716
-
IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution
Disclosure Date: 2019-12-19First seen: 2020-04-26exploit/multi/misc/ibm_tm1_unauth_rceThis module exploits a vulnerability in IBM TM1 / Planning Analytics that allows an unauthenticated attacker to perform a configuration overwrite. It starts by querying the Admin server for the available applications, picks one, and then exploits it. You can
CVSS scores for CVE-2019-4716
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
10.0
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
3.9
|
6.0
|
IBM Corporation | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-4716
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-4716
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/172094
IBM Planning Analytics code execution CVE-2019-4716 Vulnerability ReportVDB Entry;Vendor Advisory
-
http://packetstormsecurity.com/files/156953/IBM-Cognos-TM1-IBM-Planning-Analytics-Server-Configuration-Overwrite-Code-Execution.html
IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://seclists.org/fulldisclosure/2020/Mar/44
Full Disclosure: CVE-2019-4716: conf overwrite + auth bypass = rce as root / SYSTEM on IBM PA / TM1Exploit;Mailing List;Third Party Advisory
-
https://www.ibm.com/support/pages/node/1127781
Security Bulletin: IBM Planning Analytics has addressed a Security VulnerabilityPatch;Vendor Advisory
Jump to