IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/156953/IBM-Cognos-TM1-IBM-Planning-Analytics-Server-Configuration-Overwrite-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
| http://seclists.org/fulldisclosure/2020/Mar/44 | Exploit Mailing List Third Party Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/172094 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/1127781 | Patch Vendor Advisory |
| http://packetstormsecurity.com/files/156953/IBM-Cognos-TM1-IBM-Planning-Analytics-Server-Configuration-Overwrite-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
| http://seclists.org/fulldisclosure/2020/Mar/44 | Exploit Mailing List Third Party Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/172094 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/1127781 | Patch Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-4716 |
Configurations
History
22 Oct 2025, 00:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Oct 2025, 20:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Oct 2025, 19:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Information
Published : 2019-12-18 17:16
Updated : 2025-10-22 00:16
NVD link : CVE-2019-4716
Mitre link : CVE-2019-4716
CVE.ORG link : CVE-2019-4716
JSON object : View
Products Affected
ibm
- planning_analytics
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')