Wiz
Vulnerability DatabaseCVE-2023-42017

CVE-2023-42017
IBM Planning Analytics vulnerability analysis and mitigation

Overview

IBM Planning Analytics Local 2.0 contains a critical vulnerability (CVE-2023-42017) related to improper validation of file extensions. The vulnerability was discovered and disclosed on December 22, 2023, affecting IBM Planning Analytics Local version 2.0. This security flaw has received a CVSS v3.1 base score of 8.0 (High) from IBM Corporation and 9.8 (Critical) from NVD (NVD, IBM Security).

Technical details

The vulnerability stems from insufficient validation of file extensions in the file upload functionality. When exploited, it allows remote attackers to upload malicious scripts through specially crafted HTTP requests. The severity assessment varies between sources, with IBM assigning a CVSS v3.1 Vector of AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (8.0) and NVD assigning AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8). The vulnerability is classified under CWE-434: Unrestricted Upload of File with Dangerous Type (NVD).

Impact

Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the vulnerable system. The impact affects all three key security aspects: confidentiality, integrity, and availability. The high severity ratings indicate that successful exploitation could lead to a complete compromise of the affected system (Cyber Security News).

Mitigation and workarounds

IBM has released security updates to address this vulnerability. Users of IBM Planning Analytics Local 2.0 are strongly advised to apply the most recent security update. For IBM Planning Analytics Workspace, users should upgrade to Release 92, available from Fix Central. Cloud environments of IBM Planning Analytics Workspace have already been remediated (IBM Security).

Additional resources

SourceThis report was generated using AI

Related IBM Planning Analytics vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2023-42017CRITICAL9.8
  • IBM Planning AnalyticsIBM Planning Analytics
  • cpe:2.3:a:ibm:planning_analytics
NoYesDec 22, 2023
CVE-2024-25034HIGH8.8
  • IBM Planning AnalyticsIBM Planning Analytics
  • cpe:2.3:a:ibm:planning_analytics
NoYesJan 24, 2025
CVE-2024-40693HIGH8
  • IBM Planning AnalyticsIBM Planning Analytics
  • cpe:2.3:a:ibm:planning_analytics
NoYesJan 24, 2025
CVE-2022-22339HIGH7.3
  • IBM Planning AnalyticsIBM Planning Analytics
  • cpe:2.3:a:ibm:planning_analytics
NoYesApr 08, 2022
CVE-2021-39047MEDIUM6.1
  • IBM Planning AnalyticsIBM Planning Analytics
  • cpe:2.3:a:ibm:planning_analytics
NoYesJun 24, 2022

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo