CVE-2024-40693: 
IBM Planning Analytics vulnerability analysis and mitigation

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. The vulnerability, identified as CVE-2024-40693, allows attackers to upload malicious executable files into the system that can be sent to victims for performing further attacks (IBM Security).

The vulnerability is classified with CWE-434: Unrestricted Upload of File with Dangerous Type. It has been assigned a CVSS Base score of 8.0 with vector CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, indicating a high severity level. The vulnerability stems from inadequate validation of file content during the upload process to the web interface (IBM Security).

If exploited, attackers can upload malicious executable files into the system, which can then be distributed to victims to conduct further attacks. The high CVSS score indicates potential for significant impact on confidentiality, integrity, and availability of the system (IBM Security).

IBM recommends applying the most recent security updates. For IBM Planning Analytics Local 2.1, users should upgrade to IBM Planning Analytics Local 2.1.6 available from Fix Central. For version 2.0, users should download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 99 from Fix Central. IBM Planning Analytics Workspace cloud environments have already been remediated (IBM Security).