Planning Analytics Local IBM Planning Analytics Local

stack.watch can notify you when security vulnerabilities are reported in IBM Planning Analytics Local. You can add multiple products that you use with Planning Analytics Local to create your own personal software stack watcher.

By the Year

In 2020 there have been 8 vulnerabilities in IBM Planning Analytics Local with an average score of 5.8 out of ten. Last year Planning Analytics Local had 0 security vulnerabilities published. That is, 8 more vulnerabilities have already been reported in 2020 as compared to last year.

Year Vulnerabilities Average Score
2020 8 5.84
2019 0 0.00
2018 1 6.10

It may take a day or so for new Planning Analytics Local vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest IBM Planning Analytics Local Security Vulnerabilities

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim

CVE-2020-4644 5.4 - Medium - July 29, 2020

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716.

CVE-2020-4644 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Improper Input Validation

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting

CVE-2020-4645 5.4 - Medium - July 29, 2020

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717.

CVE-2020-4645 can be explotited with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting

CVE-2020-4360 5.4 - Medium - June 02, 2020

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765.

CVE-2020-4360 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting

CVE-2020-4366 6.1 - Medium - June 02, 2020

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965.

CVE-2020-4366 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms

CVE-2020-4367 7.5 - High - June 02, 2020

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001.

CVE-2020-4367 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Use of a Broken or Risky Cryptographic Algorithm

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting

CVE-2020-4431 5.4 - Medium - June 02, 2020

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761.

CVE-2020-4431 can be explotited with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting

CVE-2020-4503 6.1 - Medium - June 02, 2020

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283.

CVE-2020-4503 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting

CVE-2020-4306 5.4 - Medium - May 29, 2020

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735.

CVE-2020-4306 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting

CVE-2018-1676 6.1 - Medium - July 06, 2018

IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118.

CVE-2018-1676 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS