CVE-2024-35143
📋 TL;DR
IBM Planning Analytics Local 2.0 and 2.1 use a MongoDB instance that does not require authentication, so anyone who can reach the MongoDB listener over the network can read and modify the database without credentials. The exposure is worst where MongoDB is left on its default settings and is reachable from beyond the application host. The result is unauthorized access to, and potential manipulation of, the data MongoDB holds for Planning Analytics.
💻 Affected Systems
- IBM Planning Analytics Local 2.0 and 2.1
📦 What is this software?
IBM Planning Analytics is IBM's planning, budgeting and forecasting platform built on the TM1 in-memory engine; the Local edition is the customer-installed, on-premises deployment. The affected releases use MongoDB as a backing data store, and that MongoDB instance is the component this CVE concerns.
⚠️ Risk & Real-World Impact
Worst Case
Complete read and write access to the MongoDB data store, including sensitive business planning and financial data, with the exposed database host then usable as a pivot point toward other internal systems.
Likely Case
Unauthorized reading of business intelligence and confidential planning data by anyone with network reach to the MongoDB port, with the possibility of silently altering that data.
If Mitigated
Limited: with MongoDB bound to trusted interfaces, firewalled to the Planning Analytics application tier and requiring credentials, an attacker needs both a foothold on an allowed host and valid credentials before the database is reachable.
🎯 Exploit Status
Exploitation needs only network reachability to the MongoDB listener (TCP 27017 by default) while access control is off; no credentials, user interaction or specialised tooling is required beyond a standard MongoDB client.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: see the IBM advisory for the fix level that applies to your release
Vendor Advisory: https://www.ibm.com/support/pages/node/7157110
Restart Required: Yes
Instructions:
1. Review the IBM advisory for the affected release.
2. Apply the recommended security updates.
3. Restart the affected Planning Analytics and MongoDB services.
4. Verify that MongoDB now rejects unauthenticated connections and that Planning Analytics still connects with its own credentials.
🔧 Temporary Workarounds
Enable MongoDB Authentication
Configure MongoDB to require authentication for all connections. Start mongod with access control on, create the first administrative user through the localhost exception (only possible while no users exist yet), then give Planning Analytics its own least-privileged account (readWrite on its databases rather than root) and update every Planning Analytics component that connects to MongoDB with those credentials before restarting it, otherwise the application loses its database connection.
mongod --auth
mongosh --host 127.0.0.1
db.getSiblingDB("admin").createUser({user: "admin", pwd: passwordPrompt(), roles: [{role: "root", db: "admin"}]})
Network Segmentation
Restrict MongoDB access to the loopback interface and the trusted Planning Analytics application hosts only. Rules are evaluated in order, so the ACCEPT rules must precede the DROP (and any broader ACCEPT already on the chain); persist them with your distribution's iptables-save mechanism, and on a Windows host apply the equivalent inbound rule in Windows Defender Firewall.
iptables -A INPUT -p tcp --dport 27017 -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 27017 -s <app_server_ip> -j ACCEPT
iptables -A INPUT -p tcp --dport 27017 -j DROP
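The same two workarounds expressed as a persistent mongod.conf, so they survive a service restart instead of depending on command-line flags. This is an added example, not a file from the IBM advisory or the product; the config path and the MongoDB host's internal interface address (10.0.0.20) are assumptions, and each changed key is commented with the weak value it replaces:

```yaml
# /etc/mongod.conf (path is an assumption; edit the file your mongod is actually started with)
net:
  port: 27017
  # was: bindIp: 0.0.0.0 (or bindIpAll: true) -> the listener is reachable from every network
  # listen only on loopback and on the MongoDB host's own internal interface; the firewall
  # rule above then decides which client hosts may reach that interface
  bindIp: 127.0.0.1,10.0.0.20
security:
  # was: absent -> authorization disabled, every client that connects is fully trusted
  authorization: enabled
setParameter:
  # once the admin user has been created, close the localhost exception that was used to create it
  enableLocalhostAuthBypass: false
```

After restarting mongod with this file, create the Planning Analytics application user with mongosh as in the steps above and update the application's connection settings before it is restarted; with authorization enabled and the localhost bypass closed, any component still connecting without credentials is refused.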
🧯 If You Can't Patch
- Implement strict network access controls to limit MongoDB exposure
- Enable MongoDB authentication with strong credentials immediately
🔍 How to Verify
Check if Vulnerable:
Connect to the MongoDB port (27017 by default) from a host that should not be trusted, using mongosh or another MongoDB client, without supplying credentials. If listDatabases succeeds or you can read the Planning Analytics collections, the instance is vulnerable; a patched or hardened instance answers with error code 13 (Unauthorized).
Check Version:
Confirm the IBM Planning Analytics release in the administration console or its configuration files and compare it with the affected versions (2.0 and 2.1) and the fix level named in the IBM advisory.
Verify Fix Applied:
Repeat the unauthenticated connection and confirm that commands are refused, confirm that wrong credentials are refused, and confirm that the Planning Analytics service account still authenticates and the application works. Where firewalling is in place, also confirm from an untrusted network segment that port 27017 is not reachable at all.
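The unauthenticated check above, implemented against the MongoDB wire protocol so it runs with nothing but the Python standard library (no mongosh or driver on the scanning host). This is an added example, not IBM's or MongoDB's code: it frames a single OP_MSG carrying {listDatabases: 1} for the admin database, sends it with no authentication handshake, and classifies the reply as "open" (the server listed databases, so the instance is vulnerable) or "auth-required" (error code 13 Unauthorized). The two sample replies at the bottom are constructed so the classifier can be exercised offline.

```python
"""Unauthenticated probe for a MongoDB listener, written directly against the
wire protocol so it needs no driver: it sends one OP_MSG carrying
{listDatabases: 1} against the admin database with no authentication handshake
and reports whether the server returned data ("open", i.e. vulnerable) or
refused with error code 13 Unauthorized ("auth-required"). Added example, not
IBM's or MongoDB's code; the sample replies at the bottom are constructed."""
import socket
import struct

OP_MSG = 2013  # opcode of OP_MSG, the request/reply format used since MongoDB 3.6
# fixed-width BSON types: double, int32, int64, timestamp, UTC datetime, decimal128
FIXED = {0x01: "<d", 0x10: "<i", 0x12: "<q", 0x11: "<Q", 0x09: "<q", 0x13: "16s"}

def _elem(kind, name, payload):  # one BSON element: type byte, cstring name, payload
    return bytes([kind]) + name.encode() + b"\x00" + payload

def bson_double(name, v):
    return _elem(0x01, name, struct.pack("<d", v))

def bson_int32(name, v):
    return _elem(0x10, name, struct.pack("<i", v))

def bson_string(name, v):
    s = v.encode() + b"\x00"
    return _elem(0x02, name, struct.pack("<i", len(s)) + s)

def bson_array(name, docs):  # an array is an embedded document keyed "0", "1", ...
    return _elem(0x04, name, bson_doc([_elem(0x03, str(i), d) for i, d in enumerate(docs)]))

def bson_doc(elements):
    body = b"".join(elements) + b"\x00"
    return struct.pack("<i", len(body) + 4) + body

def parse_bson(data, pos=0):
    """Decode one document starting at pos; return (dict, offset just past it)."""
    end = pos + struct.unpack_from("<i", data, pos)[0]
    pos, out = pos + 4, {}
    while pos < end - 1:  # byte end-1 is the document's 0x00 terminator
        kind = data[pos]
        nul = data.index(b"\x00", pos + 1)
        name, pos = data[pos + 1:nul].decode(), nul + 1
        if kind in FIXED:
            val, pos = struct.unpack_from(FIXED[kind], data, pos)[0], pos + struct.calcsize(FIXED[kind])
        elif kind == 0x02:  # string: int32 length (incl. NUL), bytes, NUL
            n = struct.unpack_from("<i", data, pos)[0]
            val, pos = data[pos + 4:pos + 3 + n].decode(), pos + 4 + n
        elif kind in (0x03, 0x04):  # embedded document / array
            val, pos = parse_bson(data, pos)
            if kind == 0x04:
                val = [val[k] for k in sorted(val, key=int)]
        elif kind == 0x05:  # binary: int32 length, subtype byte, bytes
            n = struct.unpack_from("<i", data, pos)[0]
            val, pos = data[pos + 5:pos + 5 + n], pos + 5 + n
        elif kind == 0x08:  # boolean
            val, pos = data[pos] == 1, pos + 1
        else:
            raise ValueError(f"unsupported BSON type 0x{kind:02x} in field {name!r}")
        out[name] = val
    return out, end

def frame(doc, request_id, response_to=0):
    """Wrap one BSON document in an OP_MSG: 16-byte header, flagBits=0, section kind 0."""
    body = struct.pack("<I", 0) + b"\x00" + doc
    return struct.pack("<iiii", 16 + len(body), request_id, response_to, OP_MSG) + body

def build_list_databases_request(request_id=1):
    # OP_MSG commands carry the target database in "$db"; nothing here identifies a user
    return frame(bson_doc([bson_int32("listDatabases", 1), bson_string("$db", "admin")]), request_id)

def classify_reply(raw):
    """('open', [db names]) if the server listed databases without credentials,
    ('auth-required', errmsg) on error code 13, otherwise ('error', errmsg)."""
    length, _req, _resp, opcode = struct.unpack_from("<iiii", raw, 0)
    if opcode != OP_MSG or length != len(raw) or raw[20] != 0:
        raise ValueError("reply is not a single-body OP_MSG")
    doc, _ = parse_bson(raw, 21)
    if doc.get("ok") == 1:
        return "open", [d["name"] for d in doc.get("databases", [])]
    if doc.get("code") == 13:
        return "auth-required", doc.get("errmsg", "")
    return "error", doc.get("errmsg", "")

def probe(host, port=27017, timeout=5.0):  # live check against a real listener
    with socket.create_connection((host, port), timeout=timeout) as sock, sock.makefile("rb") as rd:
        sock.sendall(build_list_databases_request())
        head = rd.read(4)  # messageLength is the first int32 of the reply header
        return classify_reply(head + rd.read(struct.unpack("<i", head)[0] - 4))

# Constructed sample replies, shaped like real listDatabases answers.
SAMPLE_OPEN_REPLY = frame(bson_doc([
    bson_array("databases", [bson_doc([bson_string("name", "admin"), bson_int32("sizeOnDisk", 40960)]),
                             bson_doc([bson_string("name", "planning"), bson_int32("sizeOnDisk", 8192)])]),
    bson_int32("totalSize", 49152), bson_double("ok", 1.0)]), request_id=7, response_to=1)
SAMPLE_DENIED_REPLY = frame(bson_doc([
    bson_double("ok", 0.0), bson_string("errmsg", "command listDatabases requires authentication"),
    bson_int32("code", 13), bson_string("codeName", "Unauthorized")]), request_id=8, response_to=1)

if __name__ == "__main__":
    import sys  # usage: python mongo_probe.py <host> [port]
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 27017))
```

Run it from a host that should not be trusted, against the Planning Analytics database host: an "open" result with the database names is the vulnerable state, "auth-required" is what a correctly fixed instance returns, and a connection timeout or refusal from an untrusted segment shows that the firewall rule is doing its job. The BSON decoder deliberately covers only the types that appear in listDatabases and error replies and raises on anything else rather than guessing at lengths.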
📡 Detection & Monitoring
Log Indicators:
- Authentication failures in the MongoDB log (ACCESS component, "Authentication failed")
- Connections accepted on port 27017 from hosts other than the Planning Analytics application servers
- Commands executed on a connection that never authenticated, or queries against the Planning Analytics collections from unexpected sources
Network Indicators:
- MongoDB traffic (TCP 27017) to the Planning Analytics database host from outside the application tier, or crossing segments where it is not expected (it is unencrypted unless TLS was enabled)
- Sessions on port 27017 that issue commands without a preceding SASL authentication exchange (saslStart/saslContinue)
SIEM Query:
dest_port:27017 AND NOT src_ip:<planning_analytics_app_servers> AND (event_type:connection OR event_type:authentication_failure)
Connections to MongoDB carry 27017 as the destination port, not the source port; substitute your SIEM's field names and your application server allowlist.
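The log indicators above turned into detection logic over MongoDB's structured (JSON) log, as an added example that is not IBM's or MongoDB's code. It tracks each connection from "Connection accepted" onwards and raises three finding types: a client outside an allowlist, an authentication failure, and any command run on a connection that never authenticated (excluding the handshake and SASL commands a client legitimately sends before logging in). The allowlist is an assumption and the log lines at the bottom are constructed for the demo, modelled on the real format in which the connection id appears as "conn<N>" in "ctx" and the client address in "attr.remote".

```python
"""Scan MongoDB 4.4+ structured (JSON) log lines for the indicators listed
above: connections from outside an allowlist, authentication failures, and
commands run on a connection that never authenticated, which is exactly the
trail an instance with no access control leaves. Added example, not IBM's or
MongoDB's code; the allowlist is an assumption and the log lines at the bottom
are constructed for the demo, modelled on the real format (the connection id
appears as "conn<N>" in "ctx", the client address in "attr.remote")."""
import ipaddress
import json

# Assumption: only the Planning Analytics application tier may talk to MongoDB.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/24")]
# Commands a client legitimately issues before authenticating (handshake and SASL).
PRE_AUTH_COMMANDS = {"hello", "isMaster", "ismaster", "saslStart", "saslContinue", "ping"}


def analyze(lines, trusted=TRUSTED_NETWORKS):
    """Return findings in log order; each is a dict with a "type" key."""
    conns = {}  # "connN" -> {"remote": ip string, "authed": bool}
    findings = []
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        comp, msg, ctx, attr = rec.get("c"), rec.get("msg"), rec.get("ctx"), rec.get("attr", {})
        if comp == "NETWORK" and msg == "Connection accepted":
            # remote is "host:port"; IPv6 hosts are bracketed, e.g. "[::1]:5000"
            ip = ipaddress.ip_address(attr["remote"].rsplit(":", 1)[0].strip("[]"))
            key = f"conn{attr['connectionId']}"
            conns[key] = {"remote": str(ip), "authed": False}
            if not any(ip in net for net in trusted):
                findings.append({"type": "untrusted_source", "conn": key, "remote": str(ip)})
        elif comp == "NETWORK" and msg == "Connection ended":
            conns.pop(f"conn{attr.get('connectionId')}", None)
        elif comp == "ACCESS" and msg == "Authentication succeeded":
            conns.setdefault(ctx, {"remote": "?", "authed": False})["authed"] = True
        elif comp == "ACCESS" and msg == "Authentication failed":
            findings.append({"type": "auth_failure", "conn": ctx, "remote": attr.get("remote", "?"),
                             "principal": attr.get("principalName")})
        elif comp == "COMMAND" and "command" in attr:
            state = conns.get(ctx, {"remote": "?", "authed": False})
            cmd = next(iter(attr["command"]), "?")  # the first key of the command document names it
            if not state["authed"] and cmd not in PRE_AUTH_COMMANDS:
                findings.append({"type": "unauthenticated_command", "conn": ctx, "remote": state["remote"],
                                 "ns": attr.get("ns"), "command": cmd})
    return findings


# Constructed sample log: conn41 is the application (trusted, authenticated), conn42 is an
# outside host reading data with no authentication, conn43 is an outside host guessing a password.
SAMPLE_LOG = """
{"t":{"$date":"2024-06-03T09:12:01.101+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"10.0.0.15:51122","connectionId":41,"connectionCount":2}}
{"t":{"$date":"2024-06-03T09:12:01.140+00:00"},"s":"I","c":"ACCESS","id":20250,"ctx":"conn41","msg":"Authentication succeeded","attr":{"mechanism":"SCRAM-SHA-256","principalName":"pa_app","authenticationDatabase":"admin","remote":"10.0.0.15:51122"}}
{"t":{"$date":"2024-06-03T09:12:02.005+00:00"},"s":"I","c":"COMMAND","id":51803,"ctx":"conn41","msg":"Slow query","attr":{"type":"command","ns":"planning.workbooks","command":{"find":"workbooks","filter":{}},"durationMillis":120}}
{"t":{"$date":"2024-06-03T09:13:10.220+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"203.0.113.7:40188","connectionId":42,"connectionCount":3}}
{"t":{"$date":"2024-06-03T09:13:10.260+00:00"},"s":"I","c":"COMMAND","id":51803,"ctx":"conn42","msg":"Slow query","attr":{"type":"command","ns":"admin.$cmd","command":{"hello":1,"$db":"admin"},"durationMillis":1}}
{"t":{"$date":"2024-06-03T09:13:10.301+00:00"},"s":"I","c":"COMMAND","id":51803,"ctx":"conn42","msg":"Slow query","attr":{"type":"command","ns":"admin.$cmd","command":{"listDatabases":1,"$db":"admin"},"durationMillis":3}}
{"t":{"$date":"2024-06-03T09:13:11.900+00:00"},"s":"I","c":"COMMAND","id":51803,"ctx":"conn42","msg":"Slow query","attr":{"type":"command","ns":"planning.users","command":{"find":"users","filter":{}},"durationMillis":45}}
{"t":{"$date":"2024-06-03T09:14:00.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"198.51.100.9:55010","connectionId":43,"connectionCount":4}}
{"t":{"$date":"2024-06-03T09:14:00.250+00:00"},"s":"I","c":"ACCESS","id":20249,"ctx":"conn43","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"admin","authenticationDatabase":"admin","remote":"198.51.100.9:55010","result":"AuthenticationFailed"}}
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG.splitlines()):  # or: analyze(open("/var/log/mongodb/mongod.log"))
        print(finding)
```

MongoDB writes a COMMAND line only for operations slower than operationProfiling.slowOpThresholdMs (100 ms by default), so lower it to 0 on the Planning Analytics instance while investigating if every command should appear. On a vulnerable instance every data access shows up as unauthenticated_command because nothing ever authenticates; on a fixed instance only the handshake commands precede authentication and the script stays quiet for the application's own connections.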