Summary

There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Workspace. IBM Planning Analytics Workspace 2.0 Release 93 has addressed the applicable CVEs by upgrading or removing the vulnerable libraries. Please refer to the table in the Related Information section for vulnerability impact.

Vulnerability Details

CVEID: CVE-2023-39323
DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by improper enforcement of line directive restrictions in the "//go:cgo_" directives. By providing specially crafted input in the linker and compiler flags, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268524 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2023-46750
DESCRIPTION: Apache Shiro could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability when "form" authentication is used. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 7.4
CVSS Temporal Score: See: …

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

