IBM Planning Analytics Local
By the Year
In 2020 there have been 8 vulnerabilities in IBM Planning Analytics Local with an average score of 5.8 out of ten. Last year Planning Analytics Local had 0 security vulnerabilities published. That is, 8 more vulnerabilities have already been reported in 2020 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2020 | 8 | 5.84 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 6.10 |
It may take a day or so for new Planning Analytics Local vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest IBM Planning Analytics Local Security Vulnerabilities
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim
CVE-2020-4644
5.4 - Medium
- July 29, 2020
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716.
CVE-2020-4644 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Improper Input Validation
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting
CVE-2020-4645
5.4 - Medium
- July 29, 2020
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717.
CVE-2020-4645 can be explotited with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting
CVE-2020-4360
5.4 - Medium
- June 02, 2020
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765.
CVE-2020-4360 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting
CVE-2020-4366
6.1 - Medium
- June 02, 2020
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965.
CVE-2020-4366 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms
CVE-2020-4367
7.5 - High
- June 02, 2020
IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001.
CVE-2020-4367 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Use of a Broken or Risky Cryptographic Algorithm
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting
CVE-2020-4431
5.4 - Medium
- June 02, 2020
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761.
CVE-2020-4431 can be explotited with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting
CVE-2020-4503
6.1 - Medium
- June 02, 2020
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283.
CVE-2020-4503 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting
CVE-2020-4306
5.4 - Medium
- May 29, 2020
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735.
CVE-2020-4306 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS
IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting
CVE-2018-1676
6.1 - Medium
- July 06, 2018
IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118.
CVE-2018-1676 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
XSS