Planning Analytics IBM Planning Analytics

Do you want an email whenever new security vulnerabilities are reported in IBM Planning Analytics?

By the Year

In 2021 there have been 6 vulnerabilities in IBM Planning Analytics with an average score of 5.7 out of ten. Last year Planning Analytics had 5 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2021 as compared to last year. Last year, the average CVE base score was greater by 0.65

Year Vulnerabilities Average Score
2021 6 5.67
2020 5 6.32
2019 5 7.10
2018 0 0.00

It may take a day or so for new Planning Analytics vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent IBM Planning Analytics Security Vulnerabilities

IBM Planning Analytics 2.0 could

CVE-2020-4562 5.3 - Medium - April 26, 2021

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.

Information Disclosure

IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs

CVE-2020-4882 6.1 - Medium - March 22, 2021

IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.

XSPA

IBM Planning Analytics 2.0 could

CVE-2020-4953 4.3 - Medium - February 23, 2021

IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029.

Information Disclosure

IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system

CVE-2020-4871 5.5 - Medium - January 19, 2021

IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.

Information Disclosure

IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy

CVE-2020-4873 5.3 - Medium - January 19, 2021

IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.

Information Disclosure

IBM Planning Analytics 2.0 could

CVE-2020-4881 7.5 - High - January 19, 2021

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 190851.

Origin Validation Error

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so

CVE-2020-4648 6.5 - Medium - August 19, 2020

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019.

AuthZ

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack

CVE-2020-4653 6.1 - Medium - August 19, 2020

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Open Redirect

IBM Planning Analytics 2.0 could

CVE-2020-4361 4.3 - Medium - July 20, 2020

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766.

Information Disclosure

IBM Planning Analytics 2.0 could

CVE-2020-4527 5.9 - Medium - July 20, 2020

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631.

Session Fixation

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user

CVE-2019-4613 8.8 - High - February 05, 2020

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524.

Session Riding

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite

CVE-2019-4716 9.8 - Critical - December 18, 2019

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.

Code Injection

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting

CVE-2019-4611 5.4 - Medium - December 09, 2019

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.

XSS

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal

CVE-2019-4612 8.8 - High - December 09, 2019

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.

Unrestricted File Upload

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting

CVE-2019-4134 6.1 - Medium - July 02, 2019

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281.

XSS

IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting

CVE-2018-1933 5.4 - Medium - May 01, 2019

IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153177.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for IBM Planning Analytics or by IBM? Click the Watch button to subscribe.

IBM
Vendor

subscribe