Security Bulletin: IBM Planning Analytics Cartridge has addressed a security vulnerability in Golang Go (CVE-2024-24790)

IBM Planning Analytics Cartridge is considered affected by a vulnerability in Golang Go. For more information about the vulnerability impact, refer to the table in the “Related Information” section. This Security Bulletin relates only to the direct usage of third-party components by IBM Planning Analytics Cartridge and not any nested dependencies within the product.

## Vulnerability Details

**CVEID:**CVE-2024-24790
**DESCRIPTION:** An unspecified error related to various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses in the net/netip package in Golang Go has an unknown impact and attack vector.
**CVSS Source:** CISA ADP
**CVSS Base score:** 9.8
**CVSS Vector:**(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

## Affected Products and Versions

Affected Product(s)| Version(s)
—|—
IBM Planning Analytics Cartridge | 5.0.0 – 5.1.0
IBM Planning Analytics Cartridge for IBM Cloud Pak for Data| 4.8.0 – 4.8.8

## Remediation/Fixes

It is strongly recommended that you apply the most recent security update:

Affected Product(s)| Version(s)| Fix
—|—|—
IBM Planning Analytics Cartridge| 5.0.0 – 5.1.0| Upgrading Planning Analytics from Version 5.1.x to a later 5.1 refresh Upgrading Planning Analytics from Version 5.0 to Version 5.1
IBM Planning Analytics Cartridge for IBM Cloud Pak for Data| 4.8.0 – 4.8.8| Upgrading Planning Analytics from Version 4.8 to Version 5.1

## Workarounds and Mitigations

None

##