Lucene search

K
IbmPlanning Analytics Local

29 matches found

CVE
CVE
added 2024/05/31 1:15 p.m.76 views

CVE-2024-31907

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889.

5.4CVSS6.2AI score0.00199EPSS
CVE
CVE
added 2024/05/31 1:15 p.m.74 views

CVE-2024-31889

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136.

5.4CVSS5.2AI score0.00199EPSS
CVE
CVE
added 2019/07/02 3:15 p.m.73 views

CVE-2019-4134

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281.

6.1CVSS5.8AI score0.0029EPSS
CVE
CVE
added 2024/05/31 1:15 p.m.60 views

CVE-2024-31908

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 28...

6.4CVSS5.8AI score0.00199EPSS
CVE
CVE
added 2021/09/01 5:15 p.m.50 views

CVE-2021-29851

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527.

4.3CVSS4.5AI score0.00089EPSS
CVE
CVE
added 2021/05/17 5:15 p.m.49 views

CVE-2020-4670

IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.

9.1CVSS9AI score0.00385EPSS
CVE
CVE
added 2020/06/02 2:15 p.m.43 views

CVE-2020-4503

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283.

6.1CVSS6AI score0.00044EPSS
CVE
CVE
added 2025/06/01 12:15 p.m.43 views

CVE-2025-33004

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

6.5CVSS6.3AI score0.00203EPSS
CVE
CVE
added 2025/06/01 12:15 p.m.42 views

CVE-2025-2896

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS4.9AI score0.00029EPSS
CVE
CVE
added 2023/05/12 2:15 a.m.41 views

CVE-2023-28520

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.

6.4CVSS5.3AI score0.00135EPSS
CVE
CVE
added 2025/01/24 4:15 p.m.41 views

CVE-2024-40693

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further...

8CVSS6.7AI score0.00048EPSS
CVE
CVE
added 2021/09/01 5:15 p.m.40 views

CVE-2021-29852

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528.

5.4CVSS5.3AI score0.00194EPSS
CVE
CVE
added 2021/09/01 5:15 p.m.40 views

CVE-2021-29853

IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.

4.3CVSS4.6AI score0.00119EPSS
CVE
CVE
added 2025/01/24 4:15 p.m.40 views

CVE-2024-25034

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks...

8.8CVSS6.7AI score0.00048EPSS
CVE
CVE
added 2024/08/04 1:15 p.m.40 views

CVE-2024-35143

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Forc...

9.1CVSS6.8AI score0.00087EPSS
CVE
CVE
added 2025/06/01 12:15 p.m.40 views

CVE-2025-25044

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.3AI score0.00031EPSS
CVE
CVE
added 2025/06/01 12:15 p.m.40 views

CVE-2025-33005

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

8.8CVSS6.2AI score0.00051EPSS
CVE
CVE
added 2020/06/02 2:15 p.m.37 views

CVE-2020-4431

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761.

5.4CVSS5.6AI score0.00236EPSS
CVE
CVE
added 2020/11/03 2:15 p.m.37 views

CVE-2020-4649

IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.

4.3CVSS5.3AI score0.00156EPSS
CVE
CVE
added 2018/07/06 2:29 p.m.36 views

CVE-2018-1676

IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118.

6.1CVSS6AI score0.00166EPSS
CVE
CVE
added 2020/07/29 2:15 p.m.36 views

CVE-2020-4645

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

5.4CVSS5.2AI score0.00236EPSS
CVE
CVE
added 2020/06/02 2:15 p.m.34 views

CVE-2020-4360

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765.

5.4CVSS5.6AI score0.00032EPSS
CVE
CVE
added 2020/06/02 2:15 p.m.34 views

CVE-2020-4366

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965.

6.1CVSS6AI score0.00247EPSS
CVE
CVE
added 2021/08/10 2:15 p.m.34 views

CVE-2021-29739

IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846.

4.9CVSS5AI score0.00138EPSS
CVE
CVE
added 2020/06/02 2:15 p.m.33 views

CVE-2020-4367

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001.

7.5CVSS7.6AI score0.00112EPSS
CVE
CVE
added 2021/05/17 5:15 p.m.32 views

CVE-2020-4669

IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 18...

9.1CVSS8.9AI score0.00425EPSS
CVE
CVE
added 2021/05/14 5:15 p.m.31 views

CVE-2020-4985

IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.

7.5CVSS7AI score0.00209EPSS
CVE
CVE
added 2020/07/29 2:15 p.m.29 views

CVE-2020-4644

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further att...

6.1CVSS5.4AI score0.00339EPSS
CVE
CVE
added 2020/05/29 1:15 p.m.27 views

CVE-2020-4306

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1...

5.4CVSS5.3AI score0.00236EPSS