Lucene search

K
ibmIBM11839AA3215AF51DE6659A6AF7FA4C52F3D11F12110F5D2545A2C437EEC156B4
HistoryDec 06, 2019 - 8:39 p.m.

Security Bulletin: IBM Planning Analytics Local is affected by security vulnerabilities

2019-12-0620:39:30
www.ibm.com
6

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

Summary

The Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilities. These vulnerabilities have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 47.

Vulnerability Details

CVEID:CVE-2019-4612
**DESCRIPTION:**IBM Planning Analytics Workspace is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168523 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N)

CVEID:CVE-2019-4611
**DESCRIPTION:**IBM Planning Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168519 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Planning Analytics 2.0

Remediation/Fixes

The recommended solution is to apply the fix as soon as practical.

Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 47 from Fix Central.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm planning analytics localeq2.0

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

Related for 11839AA3215AF51DE6659A6AF7FA4C52F3D11F12110F5D2545A2C437EEC156B4