Rewterz

Rewterz Threat Advisory – Node.js ejs Module and Angular Module Vulnerabilities

April 26, 2022
Rewterz

Rewterz Threat Alert – ZLoader Banking Trojan – Active IOCs

April 26, 2022

Rewterz Threat Advisory – IBM Planning Analytics Workspace Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-22392 CVSS:6.8

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution.

CVE-2021-39040 CVSS:6.3

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks.

Impact

  • Code Execution
  • Unauthorized Access

Indicators Of Compromise

CVE

  • CVE-2022-22392
  • CVE-2021-39040

Affected Vendors

IBM

Affected Products

  • IBM Planning Analytics Workspace 2.0

Remediation

Refer to IBM Security Bulletin for the patch, upgrade or suggested workaround information.
IBM Security Bulletin

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.