CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4985
https://notcve.org/view.php?id=CVE-2020-4985
14 May 2021 — IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642. IBM Planning Analytics Local versión 2.0, podría permitir a un atacante conseguir información confidencial debido a que acepta parámetros de cuerpo en una consulta. IBM X-Force ID: 192642 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192642 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4649
https://notcve.org/view.php?id=CVE-2020-4649
03 Nov 2020 — IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022. IBM Planning Analytics Local versión 2.0.9.2 e IBM Planning Analytics Workspace versión 57, podrían exponer datos a usuarios sin privilegios al no invalidar las sesiones de usuario TM1Web. IBM X-Force ID: 186022 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4645
https://notcve.org/view.php?id=CVE-2020-4645
29 Jul 2020 — IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717. IBM Planning Analytics Local versiones 2.0.0 hasta 2.0.9.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Inter... • https://exchange.xforce.ibmcloud.com/vulnerabilities/185717 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4644
https://notcve.org/view.php?id=CVE-2020-4644
29 Jul 2020 — IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716. IBM Planning Analytics Local versiones 2.0.0 hasta 2.0.9.1, podría permitir a un atacante remoto secuestrar la acción de clic de la víctima. Al persuadir a una víct... • https://exchange.xforce.ibmcloud.com/vulnerabilities/185716 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4503
https://notcve.org/view.php?id=CVE-2020-4503
02 Jun 2020 — IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283. IBM Planning Analytics Local versión 2.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4431
https://notcve.org/view.php?id=CVE-2020-4431
02 Jun 2020 — IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761. IBM Planning Analytics Local versión 2.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/180761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4367
https://notcve.org/view.php?id=CVE-2020-4367
02 Jun 2020 — IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001. IBM Planning Analytics Local versión 2.0, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 179001. • https://exchange.xforce.ibmcloud.com/vulnerabilities/179001 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4366
https://notcve.org/view.php?id=CVE-2020-4366
02 Jun 2020 — IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965. IBM Planning Analytics Local versión 2.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/178965 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4360
https://notcve.org/view.php?id=CVE-2020-4360
02 Jun 2020 — IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765. IBM Planning Analytics Local versión 2.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/178765 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4306
https://notcve.org/view.php?id=CVE-2020-4306
29 May 2020 — IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735. IBM Planning Analytics Local versiones 2.0.0 hasta 2.0.9, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/176735 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •