CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42017 – IBM Planning Analytics file upload
https://notcve.org/view.php?id=CVE-2023-42017
IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. IBM Planning Analytics Local 2.0 podría permitir a un atacante remoto cargar archivos arbitrarios, provocados por la validación inadecuada de las extensiones de archivo. Al enviar una solicitud HTTP especialmente manipulada, un atacante remoto podría aprovechar esta vulnerabilidad para cargar un script malicioso, lo que podría permitir al atacante ejecutar código arbitrario en el sistema vulnerable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265567 https://www.ibm.com/support/pages/node/7096528 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26024 – IBM Planning Analytics on Cloud Pak for Data information disclosure
https://notcve.org/view.php?id=CVE-2023-26024
IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. IBM Planning Analytics on Cloud Pak for Data 4.0 podría permitir que un atacante en una red compartida obtenga información confidencial causada por una comunicación de red insegura. ID de IBM X-Force: 247898. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247898 https://https://www.ibm.com/support/pages/node/7082784 https://www.ibm.com/support/pages/node/7082784 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28520 – IBM Planning Analytics Local cross-site scripting
https://notcve.org/view.php?id=CVE-2023-28520
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/250454 https://www.ibm.com/support/pages/node/6986639 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22314
https://notcve.org/view.php?id=CVE-2022-22314
IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371. IBM Planning Analytics Local versiones 2.0, permite que las páginas web sean almacenadas localmente y que otro usuario del sistema pueda leerlas. IBM X-Force ID: 217371 • https://exchange.xforce.ibmcloud.com/vulnerabilities/217371 https://www.ibm.com/support/pages/node/6615289 •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2021-39047
https://notcve.org/view.php?id=CVE-2021-39047
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349. IBM Planning Analytics versión 2.0 e IBM Cognos Analytics versiones 11.2.1, 11.2.0 y 11.1.7, son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/214349 https://security.netapp.com/advisory/ntap-20220729-0002 https://www.ibm.com/support/pages/node/6565099 https://www.ibm.com/support/pages/node/6597241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •