Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ibm Subscribe
Filtered by product Planning Analytics
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-4653 1 Ibm 1 Planning Analytics 2020-08-25 5.8 MEDIUM 6.1 MEDIUM
IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
CVE-2020-4527 1 Ibm 1 Planning Analytics 2020-07-22 4.3 MEDIUM 5.9 MEDIUM
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631.
CVE-2020-4361 1 Ibm 1 Planning Analytics 2020-07-22 4.0 MEDIUM 4.3 MEDIUM
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766.
CVE-2019-4613 1 Ibm 1 Planning Analytics 2020-02-06 6.8 MEDIUM 8.8 HIGH
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524.
CVE-2019-4611 1 Ibm 1 Planning Analytics 2019-12-10 3.5 LOW 5.4 MEDIUM
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.
CVE-2019-4612 1 Ibm 1 Planning Analytics 2019-12-10 6.5 MEDIUM 8.8 HIGH
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.
CVE-2018-1933 1 Ibm 1 Planning Analytics 2019-05-08 3.5 LOW 5.4 MEDIUM
IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153177.