Vulnerabilities > CVE-2020-4669 - Missing Authorization vulnerability in IBM Planning Analytics Cloud and Planning Analytics Local

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

ibm

CWE-862

NVD

Published: 2021-05-17

Updated: 2021-05-24

Summary

IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Planning Analytics Cloud 2.0.0 IBM Planning Analytics Local 2.0.0	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.ibm.com/support/pages/node/6436821
https://exchange.xforce.ibmcloud.com/vulnerabilities/186400