CVE-2020-4288
Description
IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM i2 Intelligent Analysis Platform 9.2.1 has a memory corruption vulnerability that allows remote code execution via a crafted document.
Vulnerability
CVE-2020-4288 is a memory corruption vulnerability in IBM i2 Intelligent Analysis Platform version 9.2.1. The flaw exists in the document parsing component and can be triggered when a victim opens a specially-crafted document. No authentication or special privileges are required for the code path to be reachable; user interaction is the only prerequisite [1].
Exploitation
An attacker must convince a victim to open a malicious document, typically via social engineering (e.g., email attachment or link). No network access beyond delivering the file is needed. Once the document is opened, the memory corruption is exploited to execute arbitrary code within the context of the victim's user session [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code on the system with the privileges of the victim. This can lead to full compromise of the affected system, including data theft, installation of malware, or denial of service via application crash. The CVSS v3.0 base score is 7.8 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [1].
Mitigation
IBM has released a fix as part of the security bulletin. Users should upgrade to IBM i2 Intelligent Analysis Platform version 9.2.2 or later, as specified in the vendor advisory [1]. No workarounds are documented; applying the patch is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 9.2.1
- IBM/i2 Analysts Notebook, v5, Range: 9.2.1
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/176270 (mitre; vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6209081 (mitre; x_refsource_CONFIRM)