CVE-2019-4716

CRITICAL KEV NUCLEI

IBM Planning Analytics <2.0.9 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2019-4716 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 2 public exploits from researchers including Metasploit, Pedro Ribeiro <[email protected]>, Gareth Batchelor <[email protected]>, including a Metasploit module exploits/multi/misc/ibm_tm1_unauth_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated remote code execution vulnerability in IBM TM1 / Planning Analytics by overwriting configuration to enable CAM authentication, then injecting commands via TM1 scripting. It supports multiple platforms (Windows, Linux, AIX) and includes detailed packet handling for the proprietary protocol.

Description

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/48273

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated remote code execution vulnerability in IBM TM1 / Planning Analytics by overwriting configuration to enable CAM authentication, then injecting commands via TM1 scripting. It supports multiple platforms (Windows, Linux, AIX) and includes detailed packet handling for the proprietary protocol.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: IBM TM1 / Planning Analytics (up to PA 2.0.8, TM1 10.2.2)

No auth needed

Prerequisites: Network access to TCP port 5498 (default) · SSL/TLS negotiation (optional)

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Pedro Ribeiro <[email protected]>, Gareth Batchelor <[email protected]> · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/ibm_tm1_unauth_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2019-4716, an unauthenticated remote code execution vulnerability in IBM TM1 / Planning Analytics. It abuses a configuration overwrite to change authentication methods, then performs command injection as root/SYSTEM via TM1 scripting.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IBM TM1 / Planning Analytics (up to PA 2.0.8, TM1 10.2.2)

No auth needed

Prerequisites: Network access to IBM TM1 / Planning Analytics Admin server (default port 5498)

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

IBM Planning Analytics - Authentication Bypass & Remote Code Execution Version Detection

CRITICALVERIFIEDby 0x_Akoko

Shodan: title:"Arc for TM1"

References (5)

Core 5

Core References

Patch, Vendor Advisory x_refsource_confirm

https://www.ibm.com/support/pages/node/1127781

VDB Entry, Vendor Advisory vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/172094

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2020/Mar/44

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/156953/IBM-Cognos-TM1-IBM-Planning-Analytics-Server-Configuration-Overwrite-Code-Execution.html

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-4716

Scores

CVSS v3 9.8

EPSS 0.9345

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-11-03

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2019-14323

CWE

CWE-94

Status published

Products (1)

ibm/planning_analytics 2.0 - 2.0.8

Published Dec 18, 2019

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026