CVE-2019-4716 CRITICAL

CVE-2019-4716

Vendor Ibm
Product Planning Analytics
KEV Status Known Exploited
Published December 18, 2019
Last update January 12, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/UI:N/AC:L/PR:N/I:H/S:C/AV:N/C:H/A:H/RC:C/RL:O/E:U

What the vulnerability does

01Description

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

December 18, 2019 CVE published
January 12, 2026 Record updated