CVE-2022-22339
Description
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Planning Analytics Workspace 2.0 is vulnerable to SSRF, allowing authenticated attackers to send unauthorized requests and aid network attacks.
Vulnerability
IBM Planning Analytics Workspace 2.0 is vulnerable to server-side request forgery (SSRF) [1]. An authenticated attacker can exploit this vulnerability to send unauthorized HTTP requests from the system. The vulnerability exists in the application's handling of user-supplied URLs or similar inputs. IBM Planning Analytics Workspace versions prior to 2.0.74 are affected [1].
Exploitation
An attacker must have valid authentication credentials for the IBM Planning Analytics Workspace instance. The attacker then crafts a request that causes the server to make an HTTP request to an arbitrary URL of the attacker's choosing. Because this request is sent from the server's network context, it bypasses local network restrictions, so the attacker can target internal hosts or services not exposed to the wider network [1].
Impact
Successful exploitation allows the attacker to perform network enumeration, probe internal services, and potentially facilitate further attacks such as port scanning or accessing internal systems. The SSRF does not directly expose data but can provide information about the internal network topology and services [1]. The impact is limited to the server's network permissions and does not directly lead to code execution or privilege escalation.
Mitigation
The vulnerability is fixed in IBM Planning Analytics Workspace version 2.0.74, released in April 2022 [1]. Users should upgrade to this version or later. No workarounds are publicly documented. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 2.0
- Range: 2.0
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/219736 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6565099 (mitre, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.