CVE-2020-4670
First published: Fri May 14 2021(Updated: )
IBM Planning Analytics connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ibm Planning Analytics Cloud | =2.0.0 | |
| IBM Planning Analytics Local | =2.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-4670?
The severity of CVE-2020-4670 is critical, with a CVSS score of 9.1.
What is the affected software for CVE-2020-4670?
The affected software for CVE-2020-4670 includes IBM Planning Analytics Cloud 2.0.0 and IBM Planning Analytics Local 2.0.0.
How can a remote attacker exploit CVE-2020-4670?
A remote attacker can exploit CVE-2020-4670 by gaining unauthorized access to the unprotected Redis server.
Is there a fix available for CVE-2020-4670?
Yes, a fix is provided by IBM. Please refer to the official IBM support pages for details on how to apply the fix.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-4670?
The Common Weakness Enumeration (CWE) ID for CVE-2020-4670 is 306.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- vendor/ibm
- canonical/ibm planning analytics cloud
- version/ibm planning analytics cloud/2.0.0
- canonical/ibm planning analytics local
- version/ibm planning analytics local/2.0.0