Security Bulletin: IBM Planning Analytics Workspace is affected by a security vulnerability

Summary

The Planning Analytics Workspace component of IBM Planning Analytics is affected by a vulnerability. This has been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 63.

Vulnerability Details

CVEID:CVE-2020-4562
**DESCRIPTION:**IBM Planning Analytics could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183904 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Planning Analytics 2.0

Remediation/Fixes

The recommended solution is to apply the fix as soon as practical.

Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 63 from Fix Central.

This Security Bulletin is applicable to IBM Planning Analytics 2.0 (Local).

The vulnerability has been addressed on IBM Planning Analytics Cloud and no further action is required.

Workarounds and Mitigations

None