
CVE-2023-42017 – IBM Planning Analytics file upload
https://notcve.org/view.php?id=CVE-2023-42017
22 Dec 2023 — IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265567 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2022-22314
https://notcve.org/view.php?id=CVE-2022-22314
08 Sep 2022 — IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371. • https://exchange.xforce.ibmcloud.com/vulnerabilities/217371

CVE-2021-39047
https://notcve.org/view.php?id=CVE-2021-39047
24 Jun 2022 — IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349. • https://exchange.xforce.ibmcloud.com/vulnerabilities/214349 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-22392
https://notcve.org/view.php?id=CVE-2022-22392
25 Apr 2022 — IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222066 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2021-39040
https://notcve.org/view.php?id=CVE-2021-39040
25 Apr 2022 — IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 214025. • https://exchange.xforce.ibmcloud.com/vulnerabilities/214025 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2022-22339
https://notcve.org/view.php?id=CVE-2022-22339
08 Apr 2022 — IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736. • https://exchange.xforce.ibmcloud.com/vulnerabilities/219736 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2022-22308
https://notcve.org/view.php?id=CVE-2022-22308
21 Feb 2022 — IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891. • https://exchange.xforce.ibmcloud.com/vulnerabilities/216891 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVE-2021-38873
https://notcve.org/view.php?id=CVE-2021-38873
24 Nov 2021 — IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396. • https://exchange.xforce.ibmcloud.com/vulnerabilities/208396 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2021-20526
https://notcve.org/view.php?id=CVE-2021-20526
27 Oct 2021 — IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198755 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2021-29853
https://notcve.org/view.php?id=CVE-2021-29853
01 Sep 2021 — IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529. • https://exchange.xforce.ibmcloud.com/vulnerabilities/205529 • CWE-252: Unchecked Return Value