Filtered by vendor Ibm
Subscriptions
Filtered by product Planning Analytics
Subscriptions
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4611 | 1 Ibm | 1 Planning Analytics | 2024-09-16 | 5.4 Medium |
| IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519. | ||||
| CVE-2022-22308 | 1 Ibm | 1 Planning Analytics | 2024-09-16 | 7.8 High |
| IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891. | ||||
| CVE-2019-4613 | 1 Ibm | 1 Planning Analytics | 2024-09-16 | 8.8 High |
| IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524. | ||||
| CVE-2019-4612 | 1 Ibm | 1 Planning Analytics | 2024-09-16 | 8.8 High |
| IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523. | ||||
| CVE-2021-29853 | 1 Ibm | 1 Planning Analytics | 2024-09-16 | 4.3 Medium |
| IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529. | ||||
| CVE-2021-39047 | 2 Ibm, Netapp | 3 Cognos Analytics, Planning Analytics, Oncommand Insight | 2024-09-16 | 6.1 Medium |
| IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349. | ||||
| CVE-2020-4653 | 1 Ibm | 1 Planning Analytics | 2024-09-16 | 6.1 Medium |
| IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | ||||
| CVE-2023-42017 | 1 Ibm | 1 Planning Analytics | 2024-08-02 | 8 High |
| IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. | ||||