Rewterz Threat Advisory – Node.js ejs Module and Angular Module Vulnerabilities
April 26, 2022Rewterz Threat Alert – ZLoader Banking Trojan – Active IOCs
April 26, 2022Rewterz Threat Advisory – Node.js ejs Module and Angular Module Vulnerabilities
April 26, 2022Rewterz Threat Alert – ZLoader Banking Trojan – Active IOCs
April 26, 2022Severity
Medium
Analysis Summary
CVE-2022-22392 CVSS:6.8
IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution.
CVE-2021-39040 CVSS:6.3
IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks.
Impact
- Code Execution
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2022-22392
- CVE-2021-39040
Affected Vendors
IBM
Affected Products
- IBM Planning Analytics Workspace 2.0
Remediation
Refer to IBM Security Bulletin for the patch, upgrade or suggested workaround information.
IBM Security Bulletin