CVE-2024-40693

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.

Published: Jan 24, 2025
Updated: May 4, 2025
CVE: CVE-2024-40693
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
ibm / planning_analytics	2.0	2.0.x
ibm / planning_analytics	2.1	2.1.x

https://www.ibm.com/support/pages/node/7168387

Vulnerability Database

290,206

CVE-2024-40693