30 matches found
CVE-2019-4716
IBM Planning Analytics (PA) versions 2.0.0–2.0.8 are vulnerable to a configuration overwrite that lets an unauthenticated attacker log in as admin and execute code as root/SYSTEM via TM1 scripting, potentially fully compromising the host. IBM remediation is to upgrade to PA 2.0.9 or apply availab...
CVE-2022-22339
CVE-2022-22339 concerns IBM Planning Analytics 2.0 and is a server-side request forgery (SSRF) vulnerability. An authenticated attacker could issue unauthorized requests from the affected system, enabling network enumeration or facilitating other attacks. The bulletin indicates the vulnerability ...
CVE-2022-22308
IBM Planning Analytics 2.0 (Planning Analytics Workspace 2.0) is affected by a Remote File Include (RFI) issue. Affected component is the web layer where user input can be injected into file include commands, potentially causing the application to include remote files with malicious code. Public ...
CVE-2021-39047
CVE-2021-39047 affects IBM Planning Analytics 2.0 and IBM Cognos Analytics (11.1.x–11.2.x). The issue is a cross-site scripting (XSS) vulnerability in the Web UI that could let an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Remediat...
CVE-2019-4134
IBM Planning Analytics 2.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the Web UI that could let an attacker embed arbitrary JavaScript and potentially disclose credentials in a trusted session. The issue is identified as CVE-2019-4134. IBM’s security bulletin notes a CVSS v3.0 b...
CVE-2021-29851
CVE-2021-29851 affects IBM Planning Analytics Local 2.0 (Planning Analytics Local, 2.0). A vulnerability allows a remote attacker to obtain sensitive information when a stack trace is returned in the browser, i.e., an information disclosure. Public sources in the connected documents corroborate a...
CVE-2023-42017
Summary: CVE-2023-42017 affects IBM Planning Analytics Local 2.0, where improper validation of file extensions enables a remote attacker to upload arbitrary files via a crafted HTTP request, potentially allowing execution of arbitrary code on the vulnerable system. Affected product/component: IBM...
CVE-2024-25034
CVE-2024-25034 affects IBM Planning Analytics 2.0 and 2.1, where the File Manager T1 process does not validate file types, allowing upload of executable/malicious files. IBM’s Security Bulletin notes this as a Malicious File Upload vulnerability (CWE-434) with high impact (CVE has base scores up ...
CVE-2020-4882
CVE-2020-4882 affects IBM Planning Analytics 2.0. The vulnerability is a Server-Side Request Forgery (SSRF) where an attacker can construct URLs from user-controlled data to issue arbitrary requests within the internal network or to the local filesystem. This is tied to IBM Planning Analytics 2.0...
CVE-2021-29852
CVE-2021-29852 affects IBM Planning Analytics Local 2.0; a cross-site scripting flaw in the Web UI could allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected: IBM Planning Analytics Local 2.0 (Planning Analytics Workspace). Root cause: XSS i...
CVE-2021-20580
CVE-2021-20580 affects IBM Planning Analytics 2.0. The vulnerability is a cross-site request forgery (CSRF) that could allow an attacker to perform malicious, unauthorized actions transmitted from a trusted user. The CVSS 3.1 base score is 4.3 (NETWORK, LOW complexity, UI:R). IBM’s Security Bulle...
CVE-2020-4953
IBM Planning Analytics 2.0 is affected by CVE-2020-4953, an information-disclosure vulnerability where a remote authenticated attacker could obtain internal-structure details via sensitive data exposed in HTTP responses. Root cause: information disclosure due to exposed data in HTTP responses. Ex...
CVE-2021-29853
CVE-2021-29853 affects IBM Planning Analytics 2.0 (Local) where information disclosure can occur due to not validating return values from certain methods or functions. Root cause: failure to validate return values, enabling exposure of sensitive information. Impact: information disclosure, with C...
CVE-2020-4648
CVE-2020-4648 affects IBM Planning Analytics 2.0, specifically Planning Analytics Workspace where avatars could be modified by other users without authorization. Root cause details are not fully disclosed in the provided documents, but IBM’s Security Bulletin notes multiple vulnerabilities in Pla...
CVE-2020-4653
Summary: CVE-2020-4653 affects IBM Planning Analytics 2.0.x. The vulnerability is an open redirect in Planning Analytics (Workspace) that could allow a remote attacker, by enticing a user to visit a crafted site, to spoof the URL and redirect to a malicious site, potentially exposing sensitive in...
CVE-2018-1933
CVE-2018-1933 affects IBM Planning Analytics 2.0 through 2.0.6, with a cross-site scripting vulnerability in the Web UI that could allow an attacker to inject JavaScript and potentially disclose credentials within a trusted session. The IBM Security Bulletin notes remediation in IBM Planning Anal...
CVE-2024-40693
IBM Planning Analytics 2.0 and 2.1 are vulnerable to a malicious file upload via the web interface due to lack of content validation. This could allow uploading executable files leading to compromise of victims. Remediation per IBM Security Bulletin: upgrade to IBM Planning Analytics Workspace re...
CVE-2020-4764
CVE-2020-4764 affects IBM Planning Analytics 2.0, vulnerable to Cross-Site Request Forgery (CSRF) that could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. The IBM Security Bulletin confirms remediation in IBM Planning Analytics 2.0 with the release of L...
CVE-2021-38873
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection due to improper validation of CSV content, enabling a remote attacker to execute arbitrary commands on the system. The affected product is IBM Planning Analytics 2.0 (Local), with remediation through applying the latest securit...
CVE-2019-4611
CVE-2019-4611 affects IBM Planning Analytics 2.0. It is a cross-site scripting vulnerability in the Web UI that allows an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The CVSS v3.1 base score is 5.4 (MEDIUM). Mitigation: IBM repor...
CVE-2019-4612
CVE-2019-4612 affects IBM Planning Analytics Workspace (IBM Planning Analytics Local 2.0, Workspace Release 47). The vulnerability enables malicious file uploads via the My Account Portal, allowing attackers to upload executable files that could be delivered to victims for further attacks. Root c...
CVE-2019-4613
CVE-2019-4613 concerns a Cross-Site Request Forgery (CSRF) vulnerability in IBM Planning Analytics 2.0. The IBM Planning Analytics Planning Analytics Workspace component is implicated, enabling an attacker to cause malicious, unauthorized actions transmitted from a trusted user’s session. The iss...
CVE-2020-4361
IBM Planning Analytics 2.0 is affected by an information-disclosure vulnerability where a remote attacker could cause private IP addresses to be exposed in HTTP responses. The issue affects the Planning Analytics Local / Workspace component of IBM Planning Analytics 2.0, with root cause described...
CVE-2020-4527
IBM Planning Analytics 2.0 contains a vulnerability where the Secure flag is not set for the session cookie in TLS mode, enabling potential remote interception of the cookie and exposure of sensitive information. The issue is documented as CVE-2020-4527 with a CVSSv3 base score of 5.9 (NETWORK, H...
CVE-2020-4873
CVE-2020-4873 affects IBM Planning Analytics 2.0. The vulnerability arises from an overly permissive CORS policy that could permit an attacker to obtain sensitive information from affected components. Documentation from IBM notes this under Planning Analytics Workspace vulnerabilities and referen...
CVE-2020-4871
IBM Planning Analytics 2.0 is affected by CVE-2020-4871, an information-disclosure vulnerability where web pages can be stored locally and read by another user on the same system. This could expose user data. CVSS3.1 base score 5.5 (LOCAL, LOW complexity, NONE user interaction) with HIGH confiden...
CVE-2021-20477
CVE-2021-20477: IBM Planning Analytics 2.0 (Local) is affected by a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript and potentially expose credentials within a trusted session. The issue is triggered via the Web UI in Planning Analytics Local, with...
CVE-2021-20526
IBM Planning Analytics 2.0 (Local) is affected by an information disclosure vulnerability caused by not setting the HTTPOnly flag on cookies. A remote attacker could obtain sensitive information from cookies due to this flaw. Remediation provided in the connected materials recommends applying the...
CVE-2020-4881
CVE-2020-4881 affects IBM Planning Analytics 2.0. The root cause is the lack of server hostname verification in SSL/TLS communications, enabling a remote attacker to obtain sensitive information via a specially crafted request. Affected product: IBM Planning Analytics 2.0 (Planning Analytics Work...
CVE-2020-4562
Summary: CVE-2020-4562 affects IBM Planning Analytics 2.0 (Local) in the Planning Analytics Workspace component. A vulnerability allows a remote attacker to obtain sensitive information via cross-window communication with an unrestricted target origin in documentation frames. The root cause is an...