Vulnerabilities > IBM > Planning Analytics > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-12-22 CVE-2023-42017 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions.
network
low complexity
ibm CWE-434
critical
 9.8
9.8
2021-11-24 CVE-2021-38873 Injection vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection.
network
ibm CWE-74
critical
 9.3
9.3
2019-12-18 CVE-2019-4716 Code Injection vulnerability in IBM Planning Analytics
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.
network
low complexity
ibm CWE-94
critical
 9.8
9.8