IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Link | Tags |
---|---|
https://www.ibm.com/support/pages/node/6999351 | patch vendor advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/247905 | vdb entry vendor advisory |