{"id":2647,"date":"2025-05-02T14:33:01","date_gmt":"2025-05-02T14:33:01","guid":{"rendered":"http:\/\/localhost\/?p=2647"},"modified":"2025-05-02T14:33:01","modified_gmt":"2025-05-02T14:33:01","slug":"security-bulletin-ibm-planning-analytics-cartridge-has-addressed-a-security-vulnerability-in-golang","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=2647","title":{"rendered":"Security Bulletin: IBM Planning Analytics Cartridge has addressed a security vulnerability in Golang Go (CVE-2024-24790)"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nSecurity Bulletin: IBM Planning Analytics Cartridge has addressed a security vulnerability in Golang Go (CVE-2024-24790)<\/td>\n<\/tr>\n
Type<\/th>\nibm<\/td>\n<\/tr>\n
Published<\/th>\n2025-05-02T16:03:34<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-05-02T18:56:39<\/td>\n<\/tr>\n
CVSS Score<\/th>\n9.8 (CRITICAL)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nLOW<\/td>\n<\/tr>\n
Privileges Required<\/th>\nNONE<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nUNCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Availability Impact<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2024-24790<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\nsoftware<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n ## Summary<\/p>\n

IBM Planning Analytics Cartridge is considered affected by a vulnerability in Golang Go. For more information about the vulnerability impact, refer to the table in the “Related Information” section. This Security Bulletin relates only to the direct usage of third-party components by IBM Planning Analytics Cartridge and not any nested dependencies within the product.<\/p>\n

## Vulnerability Details<\/p>\n

**CVEID:**CVE-2024-24790
\n**DESCRIPTION:** An unspecified error related to various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses in the net\/netip package in Golang Go has an unknown impact and attack vector.
\n**CVSS Source:** CISA ADP
\n**CVSS Base score:** 9.8
\n**CVSS Vector:**(CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H)<\/p>\n

## Affected Products and Versions<\/p>\n

Affected Product(s)| Version(s)
\n—|—
\nIBM Planning Analytics Cartridge | 5.0.0 – 5.1.0
\nIBM Planning Analytics Cartridge for IBM Cloud Pak for Data| 4.8.0 – 4.8.8 <\/p>\n

## Remediation\/Fixes<\/p>\n

It is strongly recommended that you apply the most recent security update:<\/p>\n

Affected Product(s)| Version(s)| Fix
\n—|—|—
\nIBM Planning Analytics Cartridge| 5.0.0 – 5.1.0| Upgrading Planning Analytics from Version 5.1.x to a later 5.1 refresh Upgrading Planning Analytics from Version 5.0 to Version 5.1
\nIBM Planning Analytics Cartridge for IBM Cloud Pak for Data| 4.8.0 – 4.8.8| Upgrading Planning Analytics from Version 4.8 to Version 5.1 <\/p>\n

## Workarounds and Mitigations<\/p>\n

None<\/p>\n

##\n <\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n9.8<\/td>\n<\/tr>\n
Severity<\/th>\nCRITICAL<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n