PT-2022-10865 · Ibm · Ibm Cognos Analytics +1

Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics version 2.0 IBM Cognos Analytics versions 11.1.7 through 11.2.1 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...

Server side request forgery (ssrf)

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736...

IBM Planning Analytics 安全漏洞

IBM Planning Analytics, a planning, budgeting, forecasting and analysis solution, is vulnerable to an information disclosure in IBM Planning Analytics version 2.0. The vulnerability stems from the HTTPOnly flag not being set. A remote attacker could use this vulnerability to obtain sensitive...

CVE-2021-29851

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527...

Cross site scripting

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196949...

CVE-2020-4562

Summary: CVE-2020-4562 affects IBM Planning Analytics 2.0 (Local) in the Planning Analytics Workspace component. A vulnerability allows a remote attacker to obtain sensitive information via cross-window communication with an unrestricted target origin in documentation frames. The root cause is an...

CVE-2020-4882

IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery SSRF attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852...

CVE-2020-4953

IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029...

Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

Summary The Planning Analytics Workspace component of IBM Planning Analytics is affected by vulnerabilities . These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 61. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to...

CVE-2020-4648

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019...

CVE-2019-4613

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524...

CVE-2019-4134

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281...