NotCVE - vendor:"Ibm" product:"Planning Analytics" version:" >= 2.0 <= 2.0.8"

Page 2 of 28 results (0.017 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-20477

https://notcve.org/view.php?id=CVE-2021-20477

29 Jun 2021 — IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196949. IBM Planning Analytics versión 2.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalid... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196949 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4562

https://notcve.org/view.php?id=CVE-2020-4562

26 Apr 2021 — IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames. IBM Planning Analytics versión 2.0, podría permitir a un atacante remoto obtener información confidencial al permitir una comunicación entre ventanas con un origen objetivo sin restricciones por medio de tramas de documentación • https://exchange.xforce.ibmcloud.com/vulnerabilities/183904 •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4882

https://notcve.org/view.php?id=CVE-2020-4882

22 Mar 2021 — IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852. IBM Planning Analytics versión 2.0 podría ser vulnerable a un ataque de Server-Side Request Forgery (SSRF) al construir unas URL a partir de datos controlados por el usuario. Esto podría permitir a atacantes realizar peticiones arbit... • https://exchange.xforce.ibmcloud.com/vulnerabilities/190852 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4953

https://notcve.org/view.php?id=CVE-2020-4953

23 Feb 2021 — IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029. IBM Planning Analytics versión 2.0, podría permitir a un atacante autenticado remoto obtener información sobre la estructura interna de una organización al exponer información confidencial en respuestas HTTP. IBM X-Force ID: 192029 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192029 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4881

https://notcve.org/view.php?id=CVE-2020-4881

19 Jan 2021 — IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 190851. IBM Planning Analytics versión 2.0, podría permitir a un atacante remoto obtener información confidencial, debido a una falta de comprobación del nombre de host del servidor para la comunicación SSL/TLS... • https://exchange.xforce.ibmcloud.com/vulnerabilities/190851 • CWE-346: Origin Validation Error •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4873

https://notcve.org/view.php?id=CVE-2020-4873

19 Jan 2021 — IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836. IBM Planning Analytics versión 2.0, podría permitir a un atacante obtener información confidencial debido a una política de CORS demasiado permisiva. IBM X-Force ID: 190836 • https://exchange.xforce.ibmcloud.com/vulnerabilities/190836 • CWE-863: Incorrect Authorization •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4871

https://notcve.org/view.php?id=CVE-2020-4871

19 Jan 2021 — IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834. IBM Planning Analytics versión 2.0, permite que las páginas web se almacenen localmente, por lo que pueden ser leídas por otro usuario en el sistema. IBM X-Force ID: 190834 • https://exchange.xforce.ibmcloud.com/vulnerabilities/190834 • CWE-922: Insecure Storage of Sensitive Information •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-4764

https://notcve.org/view.php?id=CVE-2020-4764

18 Dec 2020 — IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898. IBM Planning Analytics versión 2.0, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que el sitio web confía. IBM X-Force ID: 188898 • https://exchange.xforce.ibmcloud.com/vulnerabilities/188898 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4653

https://notcve.org/view.php?id=CVE-2020-4653

19 Aug 2020 — IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM Planning Analytics versión 2.0, podría permitir a un atacan... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186082 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4648

https://notcve.org/view.php?id=CVE-2020-4648

19 Aug 2020 — A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019. Se presenta una vulnerabilidad en IBM Planning Analytics versión 2.0, por la cual los avatares en Planning Analytics Workspace podrían ser modificados por otros usuarios sin autorización para hacerlo. IBM X-Force ID: 186019. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186019 •

1 2 3