IBM Planning Analytics Authentication Bypass & Remote Code Execution Vulnerability
漏洞信息
漏洞名称: IBM Planning Analytics Authentication Bypass & Remote Code Execution Vulnerability
漏洞编号:
- CVE: CVE-2019-4716
漏洞类型: 权限绕过
漏洞等级: 严重
漏洞描述: ### 受影响产品
IBM Planning Analytics是IBM公司推出的一款企业级规划和分析软件,广泛应用于财务规划、预算编制、预测分析等业务场景。该软件支持通过TM1脚本进行高级数据操作和自动化任务处理,是企业决策支持系统的重要组成部分。
漏洞说明
该漏洞属于权限绕过类型,由于IBM Planning Analytics在2.0.0至2.0.8版本中存在配置覆盖问题,攻击者无需认证即可访问系统,并以’admin’身份登录。通过利用TM1脚本,攻击者可以进一步以root或SYSTEM权限执行任意代码,实现远程代码执行。漏洞的根本原因在于系统未对未认证访问进行有效限制,导致配置可以被恶意修改。
影响分析
此漏洞的安全风险极高,攻击者可以利用此漏洞完全控制受影响的系统,执行任意命令,窃取敏感数据,甚至破坏系统服务。由于漏洞利用无需认证,且可以自动化执行,因此攻击门槛较低,潜在影响范围广泛。企业用户应立即升级至安全版本,以避免遭受攻击。
产品厂商: IBM
产品名称: IBM Planning Analytics
影响版本: 2.0.0 <= version <= 2.0.8
来源: https://github.com/projectdiscovery/nuclei-templates/issues/12644
类型: projectdiscovery/nuclei-templates:github issues
来源概述
Description:
IBM Planning Analytics versions 2.0.0 through 2.0.8 contain a configuration overwrite caused by unauthenticated access, letting attackers login as ‘admin’ and execute code as root or SYSTEM via TM1 scripting, exploit requires unauthenticated access.
Severity: Critical
POC:
- http://packetstormsecurity.com/files/156953/IBM-Cognos-TM1-IBM-Planning-Analytics-Server-Configuration-Overwrite-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Mar/44
KEV: True
Shodan Query: NA
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data(
-debug) along with the template to help the triage team with validation or can also share a vulnerable environment like docker file.
Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.