IBM Planning Analytics Local
By the Year
In 2024 there have been 0 vulnerabilities in IBM Planning Analytics Local . Last year Planning Analytics Local had 1 security vulnerability published. Right now, Planning Analytics Local is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 5.40 |
| 2022 | 0 | 0.00 |
| 2021 | 4 | 7.65 |
| 2020 | 9 | 5.67 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 6.10 |
It may take a day or so for new Planning Analytics Local vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Planning Analytics Local Security Vulnerabilities
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting
CVE-2023-28520
5.4 - Medium
- May 12, 2023
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.
XSS
IBM Planning Analytics Local 2.0 could
CVE-2021-29739
4.9 - Medium
- August 10, 2021
IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846.
Unchecked Return Value
IBM Planning Analytics Local 2.0 connects to a Redis server
CVE-2020-4670
9.1 - Critical
- May 17, 2021
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.
authentification
IBM Planning Analytics Local 2.0 connects to a MongoDB server
CVE-2020-4669
9.1 - Critical
- May 17, 2021
IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600.
AuthZ
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query
CVE-2020-4985
7.5 - High
- May 14, 2021
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.
Information Disclosure
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions
CVE-2020-4649
4.3 - Medium
- November 03, 2020
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.
Information Disclosure
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim
CVE-2020-4644
5.4 - Medium
- July 29, 2020
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716.
Improper Input Validation
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting
CVE-2020-4645
5.4 - Medium
- July 29, 2020
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717.
XSS
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting
CVE-2020-4360
5.4 - Medium
- June 02, 2020
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765.
XSS
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting
CVE-2020-4366
6.1 - Medium
- June 02, 2020
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965.
XSS
IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms
CVE-2020-4367
7.5 - High
- June 02, 2020
IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001.
Use of a Broken or Risky Cryptographic Algorithm
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting
CVE-2020-4431
5.4 - Medium
- June 02, 2020
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761.
XSS
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting
CVE-2020-4503
6.1 - Medium
- June 02, 2020
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283.
XSS
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting
CVE-2020-4306
5.4 - Medium
- May 29, 2020
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735.
XSS
IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting
CVE-2018-1676
6.1 - Medium
- July 06, 2018
IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Planning Analytics Local or by IBM? Click the Watch button to subscribe.
