CVE-2021-38873

7.8 HIGH

📋 TL;DR

IBM Planning Analytics 2.0 is vulnerable to CSV injection, allowing remote attackers to execute arbitrary commands on the system by exploiting improper validation of CSV file contents. This affects organizations using IBM Planning Analytics 2.0 who process untrusted CSV files.

💻 Affected Systems

Products:
  • IBM Planning Analytics
Versions: 2.0
Operating Systems: All platforms running IBM Planning Analytics 2.0
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable when processing CSV files, particularly from untrusted sources.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with full system compromise, data theft, and lateral movement within the network.

🟠 Likely Case

Arbitrary command execution leading to data exfiltration, system manipulation, or installation of malware.

🟢 If Mitigated

Limited impact if proper input validation and file processing controls are implemented.

🌐 Internet-Facing: HIGH if the application processes CSV files from external sources without proper validation.
🏢 Internal Only: MEDIUM if CSV files are only processed internally, but still vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the attacker to upload or have a malicious CSV file processed by the application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply the fix as per IBM advisory APAR IJ37401

Vendor Advisory: https://www.ibm.com/support/pages/node/6517470

Restart Required: Yes

Instructions:

1. Review IBM advisory.
2. Apply the fix for APAR IJ37401.
3. Restart the IBM Planning Analytics service.
4. Verify the fix by testing CSV file processing.

🔧 Temporary Workarounds

Input Validation

all

Implement strict input validation for CSV file contents to block malicious formulas or commands.

File Upload Restrictions

all

Restrict CSV file uploads to trusted sources and implement file type verification.

🧯 If You Can't Patch

  • Disable CSV file processing or restrict it to trusted internal sources only.
  • Implement network segmentation to isolate the IBM Planning Analytics system from critical assets.

🔍 How to Verify

Check if Vulnerable:

Check if IBM Planning Analytics 2.0 is installed and processes CSV files without validation.

Check Version:

Refer to IBM documentation for version checking commands specific to your installation.

Verify Fix Applied:

Verify that the fix for APAR IJ37401 is applied and test with a safe CSV file containing test formulas.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CSV file processing logs, unexpected command executions, or errors related to file validation.

Network Indicators:

  • Suspicious file uploads to the IBM Planning Analytics service, unusual outbound connections post-file processing.

SIEM Query:

Search for events where CSV files are uploaded to IBM Planning Analytics followed by unexpected system commands or network activity.
