Lucene search
+L
IbmPlanning Analytics

30 matches found

CVE
CVE
added 2019/12/18 4:15 p.m.1096 views

CVE-2019-4716

IBM Planning Analytics (PA) versions 2.0.0–2.0.8 are vulnerable to a configuration overwrite that lets an unauthenticated attacker log in as admin and execute code as root/SYSTEM via TM1 scripting, potentially fully compromising the host. IBM remediation is to upgrade to PA 2.0.9 or apply availab...

10CVSS8.8AI score0.86441EPSS
In wild
CVE
CVE
added 2022/04/08 3:30 p.m.117 views

CVE-2022-22339

CVE-2022-22339 concerns IBM Planning Analytics 2.0 and is a server-side request forgery (SSRF) vulnerability. An authenticated attacker could issue unauthorized requests from the affected system, enabling network enumeration or facilitating other attacks. The bulletin indicates the vulnerability ...

7.3CVSS7.4AI score0.00623EPSS
CVE
CVE
added 2022/02/21 6:10 p.m.111 views

CVE-2022-22308

IBM Planning Analytics 2.0 (Planning Analytics Workspace 2.0) is affected by a Remote File Include (RFI) issue. Affected component is the web layer where user input can be injected into file include commands, potentially causing the application to include remote files with malicious code. Public ...

7.8CVSS7.7AI score0.00748EPSS
CVE
CVE
added 2022/06/24 3:35 p.m.91 views

CVE-2021-39047

CVE-2021-39047 affects IBM Planning Analytics 2.0 and IBM Cognos Analytics (11.1.x–11.2.x). The issue is a cross-site scripting (XSS) vulnerability in the Web UI that could let an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Remediat...

6.1CVSS5.9AI score0.0085EPSS
CVE
CVE
added 2019/07/02 3:5 p.m.87 views

CVE-2019-4134

IBM Planning Analytics 2.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the Web UI that could let an attacker embed arbitrary JavaScript and potentially disclose credentials in a trusted session. The issue is identified as CVE-2019-4134. IBM’s security bulletin notes a CVSS v3.0 b...

6.1CVSS5.8AI score0.00901EPSS
CVE
CVE
added 2021/09/01 4:20 p.m.64 views

CVE-2021-29851

CVE-2021-29851 affects IBM Planning Analytics Local 2.0 (Planning Analytics Local, 2.0). A vulnerability allows a remote attacker to obtain sensitive information when a stack trace is returned in the browser, i.e., an information disclosure. Public sources in the connected documents corroborate a...

4.3CVSS4.5AI score0.01055EPSS
CVE
CVE
added 2023/12/22 4:2 p.m.60 views

CVE-2023-42017

Summary: CVE-2023-42017 affects IBM Planning Analytics Local 2.0, where improper validation of file extensions enables a remote attacker to upload arbitrary files via a crafted HTTP request, potentially allowing execution of arbitrary code on the vulnerable system. Affected product/component: IBM...

9.8CVSS8.9AI score0.01073EPSS
CVE
CVE
added 2025/01/24 3:25 p.m.58 views

CVE-2024-25034

CVE-2024-25034 affects IBM Planning Analytics 2.0 and 2.1, where the File Manager T1 process does not validate file types, allowing upload of executable/malicious files. IBM’s Security Bulletin notes this as a Malicious File Upload vulnerability (CWE-434) with high impact (CVE has base scores up ...

8.8CVSS6.7AI score0.00377EPSS
CVE
CVE
added 2021/03/22 5:0 p.m.56 views

CVE-2020-4882

CVE-2020-4882 affects IBM Planning Analytics 2.0. The vulnerability is a Server-Side Request Forgery (SSRF) where an attacker can construct URLs from user-controlled data to issue arbitrary requests within the internal network or to the local filesystem. This is tied to IBM Planning Analytics 2.0...

6.1CVSS6AI score0.00711EPSS
CVE
CVE
added 2021/09/01 4:20 p.m.56 views

CVE-2021-29852

CVE-2021-29852 affects IBM Planning Analytics Local 2.0; a cross-site scripting flaw in the Web UI could allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected: IBM Planning Analytics Local 2.0 (Planning Analytics Workspace). Root cause: XSS i...

5.4CVSS5.3AI score0.00532EPSS
CVE
CVE
added 2021/06/29 3:50 p.m.55 views

CVE-2021-20580

CVE-2021-20580 affects IBM Planning Analytics 2.0. The vulnerability is a cross-site request forgery (CSRF) that could allow an attacker to perform malicious, unauthorized actions transmitted from a trusted user. The CVSS 3.1 base score is 4.3 (NETWORK, LOW complexity, UI:R). IBM’s Security Bulle...

4.3CVSS5AI score0.00377EPSS
CVE
CVE
added 2021/02/23 3:20 p.m.54 views

CVE-2020-4953

IBM Planning Analytics 2.0 is affected by CVE-2020-4953, an information-disclosure vulnerability where a remote authenticated attacker could obtain internal-structure details via sensitive data exposed in HTTP responses. Root cause: information disclosure due to exposed data in HTTP responses. Ex...

4.3CVSS4.7AI score0.01068EPSS
CVE
CVE
added 2021/09/01 4:20 p.m.54 views

CVE-2021-29853

CVE-2021-29853 affects IBM Planning Analytics 2.0 (Local) where information disclosure can occur due to not validating return values from certain methods or functions. Root cause: failure to validate return values, enabling exposure of sensitive information. Impact: information disclosure, with C...

4.3CVSS4.6AI score0.00781EPSS
CVE
CVE
added 2020/08/19 12:35 p.m.53 views

CVE-2020-4648

CVE-2020-4648 affects IBM Planning Analytics 2.0, specifically Planning Analytics Workspace where avatars could be modified by other users without authorization. Root cause details are not fully disclosed in the provided documents, but IBM’s Security Bulletin notes multiple vulnerabilities in Pla...

6.5CVSS6.3AI score0.00891EPSS
CVE
CVE
added 2020/08/19 12:35 p.m.53 views

CVE-2020-4653

Summary: CVE-2020-4653 affects IBM Planning Analytics 2.0.x. The vulnerability is an open redirect in Planning Analytics (Workspace) that could allow a remote attacker, by enticing a user to visit a crafted site, to spoof the URL and redirect to a malicious site, potentially exposing sensitive in...

6.8CVSS6.1AI score0.00707EPSS
CVE
CVE
added 2019/05/01 3:15 p.m.52 views

CVE-2018-1933

CVE-2018-1933 affects IBM Planning Analytics 2.0 through 2.0.6, with a cross-site scripting vulnerability in the Web UI that could allow an attacker to inject JavaScript and potentially disclose credentials within a trusted session. The IBM Security Bulletin notes remediation in IBM Planning Anal...

5.4CVSS5.6AI score0.00955EPSS
CVE
CVE
added 2025/01/24 3:26 p.m.52 views

CVE-2024-40693

IBM Planning Analytics 2.0 and 2.1 are vulnerable to a malicious file upload via the web interface due to lack of content validation. This could allow uploading executable files leading to compromise of victims. Remediation per IBM Security Bulletin: upgrade to IBM Planning Analytics Workspace re...

8CVSS6.7AI score0.00374EPSS
CVE
CVE
added 2020/12/18 3:0 p.m.50 views

CVE-2020-4764

CVE-2020-4764 affects IBM Planning Analytics 2.0, vulnerable to Cross-Site Request Forgery (CSRF) that could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. The IBM Security Bulletin confirms remediation in IBM Planning Analytics 2.0 with the release of L...

6.5CVSS6.4AI score0.00398EPSS
CVE
CVE
added 2021/11/24 4:15 p.m.48 views

CVE-2021-38873

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection due to improper validation of CSV content, enabling a remote attacker to execute arbitrary commands on the system. The affected product is IBM Planning Analytics 2.0 (Local), with remediation through applying the latest securit...

9.3CVSS8AI score0.01751EPSS
CVE
CVE
added 2019/12/09 10:30 p.m.47 views

CVE-2019-4611

CVE-2019-4611 affects IBM Planning Analytics 2.0. It is a cross-site scripting vulnerability in the Web UI that allows an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The CVSS v3.1 base score is 5.4 (MEDIUM). Mitigation: IBM repor...

5.4CVSS5.5AI score0.00561EPSS
CVE
CVE
added 2019/12/09 10:30 p.m.47 views

CVE-2019-4612

CVE-2019-4612 affects IBM Planning Analytics Workspace (IBM Planning Analytics Local 2.0, Workspace Release 47). The vulnerability enables malicious file uploads via the My Account Portal, allowing attackers to upload executable files that could be delivered to victims for further attacks. Root c...

8.8CVSS8.3AI score0.00955EPSS
CVE
CVE
added 2020/02/05 3:20 p.m.47 views

CVE-2019-4613

CVE-2019-4613 concerns a Cross-Site Request Forgery (CSRF) vulnerability in IBM Planning Analytics 2.0. The IBM Planning Analytics Planning Analytics Workspace component is implicated, enabling an attacker to cause malicious, unauthorized actions transmitted from a trusted user’s session. The iss...

8.8CVSS8.4AI score0.00527EPSS
CVE
CVE
added 2020/07/20 2:5 p.m.46 views

CVE-2020-4361

IBM Planning Analytics 2.0 is affected by an information-disclosure vulnerability where a remote attacker could cause private IP addresses to be exposed in HTTP responses. The issue affects the Planning Analytics Local / Workspace component of IBM Planning Analytics 2.0, with root cause described...

4.3CVSS4.5AI score0.00994EPSS
CVE
CVE
added 2020/07/20 2:5 p.m.46 views

CVE-2020-4527

IBM Planning Analytics 2.0 contains a vulnerability where the Secure flag is not set for the session cookie in TLS mode, enabling potential remote interception of the cookie and exposure of sensitive information. The issue is documented as CVE-2020-4527 with a CVSSv3 base score of 5.9 (NETWORK, H...

5.9CVSS5.4AI score0.01331EPSS
CVE
CVE
added 2021/01/19 3:20 p.m.46 views

CVE-2020-4873

CVE-2020-4873 affects IBM Planning Analytics 2.0. The vulnerability arises from an overly permissive CORS policy that could permit an attacker to obtain sensitive information from affected components. Documentation from IBM notes this under Planning Analytics Workspace vulnerabilities and referen...

5.3CVSS5.5AI score0.00999EPSS
CVE
CVE
added 2021/01/19 3:20 p.m.45 views

CVE-2020-4871

IBM Planning Analytics 2.0 is affected by CVE-2020-4871, an information-disclosure vulnerability where web pages can be stored locally and read by another user on the same system. This could expose user data. CVSS3.1 base score 5.5 (LOCAL, LOW complexity, NONE user interaction) with HIGH confiden...

5.5CVSS5.3AI score0.00324EPSS
CVE
CVE
added 2021/06/29 3:50 p.m.44 views

CVE-2021-20477

CVE-2021-20477: IBM Planning Analytics 2.0 (Local) is affected by a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript and potentially expose credentials within a trusted session. The issue is triggered via the Web UI in Planning Analytics Local, with...

5.4CVSS5.2AI score0.00502EPSS
CVE
CVE
added 2021/10/27 4:0 p.m.44 views

CVE-2021-20526

IBM Planning Analytics 2.0 (Local) is affected by an information disclosure vulnerability caused by not setting the HTTPOnly flag on cookies. A remote attacker could obtain sensitive information from cookies due to this flaw. Remediation provided in the connected materials recommends applying the...

5.3CVSS5.2AI score0.01075EPSS
CVE
CVE
added 2021/01/19 3:20 p.m.43 views

CVE-2020-4881

CVE-2020-4881 affects IBM Planning Analytics 2.0. The root cause is the lack of server hostname verification in SSL/TLS communications, enabling a remote attacker to obtain sensitive information via a specially crafted request. Affected product: IBM Planning Analytics 2.0 (Planning Analytics Work...

7.5CVSS7.2AI score0.0092EPSS
CVE
CVE
added 2021/04/26 4:30 p.m.37 views

CVE-2020-4562

Summary: CVE-2020-4562 affects IBM Planning Analytics 2.0 (Local) in the Planning Analytics Workspace component. A vulnerability allows a remote attacker to obtain sensitive information via cross-window communication with an unrestricted target origin in documentation frames. The root cause is an...

5.3CVSS4.9AI score0.01275EPSS