Vulnerability Details : CVE-2021-39040
IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload because it does not validate file types or sizes. Attackers can use this weakness to upload malicious executable files into the system, which can then be sent to a victim to perform further attacks. IBM X-Force ID: 214025.
Exploit prediction scoring system (EPSS) score for CVE-2021-39040
Probability of exploitation activity in the next 30 days: 0.09%
Percentile, the proportion of vulnerabilities that are scored at or less: ~39%
CVSS scores for CVE-2021-39040
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST |
6.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N | 2.1 | 4.2 | IBM Corporation |
8.0 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 2.1 | 5.9 | NIST |
CWE ids for CVE-2021-39040
- The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-39040
- https://www.ibm.com/support/pages/node/6574003
  Security Bulletin: IBM Planning Analytics is affected by security vulnerabilities. (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/214025
  IBM Planning Analytics Workspace file upload CVE-2021-39040 Vulnerability Report. (VDB Entry; Vendor Advisory)
Products affected by CVE-2021-39040
- cpe:2.3:a:ibm:planning_analytics_workspace:2.0:*:*:*:*:*:*:*