The Planning Analytics Spreadsheet Services component of IBM Planning Analytics is affected by security vulnerabilties. These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Spreadsheet Services Release 67.
CVEID:CVE-2021-23926
**DESCRIPTION:**Apache XMLBeans is vulnerable to a denial of service, caused by an XML external entity (XXE) error when processing XML data. By sending a specially-crafted XML request, a remote attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194818 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
CVEID:CVE-2021-29739
**DESCRIPTION:**IBM Planning Analytics could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198846 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)
IBM Planning Analytics Local 2.0
The recommended solution is to apply the fix as soon as practical.
[Download IBM Planning Analytics Local v2.0: Planning Analytics Spreadsheet Services Release 67 from Fix Central](<https://www.ibm.com/support/pages/node/6478987> "Download IBM Planning Analytics Local v2.0: Planning Analytics Spreadsheet Services Release 67 from Fix Central" )
This Security Bulletin is applicable to IBM Planning Analytics 2.0 (Local).
The vulnerabilities have been addressed on IBM Planning Analytics with Watson and no further action is required.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm planning analytics local | eq | 2.0 |