CVE-2024-25034

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.

Published: Jan 24, 2025
Updated: May 4, 2025
CVE: CVE-2024-25034
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
ibm / planning_analytics	2.0	2.0.x
ibm / planning_analytics	2.1	2.1.x

https://www.ibm.com/support/pages/node/7168387

Vulnerability Database

290,206

CVE-2024-25034