15 matches found
CVE-2024-35143
CVE-2024-35143 concerns IBM Planning Analytics Local (2.0, 2.1) that connects to a MongoDB server which is exposed to remote access with no password authentication. The root cause is unauthenticated MongoDB connections enabled by the product’s configuration, allowing a remote attacker to gain una...
Input validation
IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the...
CVE-2023-42017
Summary: CVE-2023-42017 affects IBM Planning Analytics Local 2.0, where improper validation of file extensions enables a remote attacker to upload arbitrary files via a crafted HTTP request, potentially allowing execution of arbitrary code on the vulnerable system. Affected product/component: IBM...
CVE-2022-22314
CVE-2022-22314 affects IBM Planning Analytics Local 2.0. The IBM bulletin ties the issue to cached web data that can be read by another user on the same system, describing it as a local access impact. The connected IBM Security Bulletin notes it is part of multiple vulnerabilities in Planning Ana...
CVE-2022-22392
CVE-2022-22392 affects IBM Planning Analytics Local 2.0, which is vulnerable to arbitrary file upload that can lead to code execution when the uploaded file is executed by a victim. Root cause relates to unvalidated file upload handling. Exploitation details are not provided in the connected documents. Remediation guidance r...
CVE-2021-29739
IBM Planning Analytics Local 2.0 is affected by CVE-2021-29739 in the Planning Analytics Spreadsheet Services component, where returning a stack trace in a browser could disclose sensitive information to a remote attacker. Public documentation across multiple sources (NVD entry; CNVD/CNNVD entrie...
Design/Logic Flaw
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401...
CVE-2020-4669
CVE-2020-4669 affects IBM Planning Analytics Local 2.0 when it connects to a MongoDB server that is configured to allow remote connections without password authentication. The MongoDB instance is listening on a remote port, enabling a remote attacker to gain unauthorized access to the database. R...
CVE-2020-4985
IBM Planning Analytics Local 2.0 is affected by an information-disclosure vulnerability in the Planning Analytics Spreadsheet Services component, caused by accepting body parameters in a query. The issue could allow an attacker to obtain sensitive information. IBM states the vulnerability is addr...
Security Bulletin: IBM Planning Analytics Spreadsheet Services is affected by a security vulnerability
Summary: The Planning Analytics Spreadsheet Services component of IBM Planning Analytics is affected by a vulnerability. This has been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Spreadsheet Services Release 64. Vulnerability Details: CVEID: CVE-2020-4985 DESCRIPTION: IBM...
CVE-2020-4360
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765...
CVE-2020-4503
CVE-2020-4503 affects IBM Planning Analytics Local 2.0 (Planning Analytics Workspace). Root cause is cross-site scripting in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials in a trusted session. The connected IBM bulletin confirms release 53 fixes f...
CVE-2020-4367
CVE-2020-4367 affects IBM Planning Analytics Local 2.0 (Planning Analytics Local) with a vulnerability in cryptographic algorithms described as weaker than expected, potentially allowing decryption of highly sensitive information. The issue is corroborated by multiple sources in the Connected doc...
CVE-2020-4360
IBM Planning Analytics Local 2.0 is affected by a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. The issue affects IBM Planning Analytics Local 2.0 (Planning Analytics Workspace Releas...
CVE-2020-4366
IBM Planning Analytics Local 2.0 is affected by a cross-site scripting (XSS) vulnerability in the Web UI, which could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. Root cause: XSS in the Web UI of Planning Analytics Local 2.0. Affec...