CVE-2019-4612
Description
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Planning Analytics 2.0 My Account Portal allows authenticated users to upload malicious executable files, enabling further attacks via social engineering.
Vulnerability
The My Account Portal in IBM Planning Analytics 2.0 is vulnerable to malicious file upload. An authenticated attacker can upload executable files that can be sent to victims for further attacks. This issue affects IBM Planning Analytics 2.0 and is addressed in Planning Analytics Workspace Release 47 [1].
Exploitation
An attacker needs authenticated access (PR:L) and user interaction (UI:R) to succeed. The attacker uploads a malicious executable via the My Account Portal, then sends the file to a victim who must execute it [1].
Impact
Successful exploitation results in high integrity impact (I:H) and limited confidentiality impact (C:L). The attacker can execute arbitrary code on the victim's system, potentially leading to further compromise [1].
Mitigation
IBM released a fix in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 47. Users should upgrade to this version. No workarounds are available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: =2.0
- Range: 2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- exchange.xforce.ibmcloud.com/vulnerabilities/168523mitrevdb-entryx_refsource_XF
- www.ibm.com/support/pages/node/1118565mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.