CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4764
https://notcve.org/view.php?id=CVE-2020-4764
18 Dec 2020 — IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898. IBM Planning Analytics versión 2.0, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que el sitio web confía. IBM X-Force ID: 188898 • https://exchange.xforce.ibmcloud.com/vulnerabilities/188898 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4653
https://notcve.org/view.php?id=CVE-2020-4653
19 Aug 2020 — IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM Planning Analytics versión 2.0, podría permitir a un atacan... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186082 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4648
https://notcve.org/view.php?id=CVE-2020-4648
19 Aug 2020 — A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019. Se presenta una vulnerabilidad en IBM Planning Analytics versión 2.0, por la cual los avatares en Planning Analytics Workspace podrían ser modificados por otros usuarios sin autorización para hacerlo. IBM X-Force ID: 186019. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186019 •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4527
https://notcve.org/view.php?id=CVE-2020-4527
20 Jul 2020 — IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631. IBM Planning Analytics versión 2.0, podría permitir a un atacante remoto obtener información confidencial, causado por el fallo al ajustar el flag Secure para ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182631 • CWE-384: Session Fixation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4361
https://notcve.org/view.php?id=CVE-2020-4361
20 Jul 2020 — IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766. IBM Planning Analytics versión 2.0, podría permitir a un atacante remoto obtener información confidencial al divulgar direcciones IP privadas en respuestas HTTP. IBM X-Force ID: 178766 • https://exchange.xforce.ibmcloud.com/vulnerabilities/178766 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4613
https://notcve.org/view.php?id=CVE-2019-4613
05 Feb 2020 — IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524. IBM Planning Analytics versión 2.0, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. ID de IBM X-Force: 168524. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168524 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 82%CPEs: 1EXPL: 4CVE-2019-4716 – IBM Planning Analytics Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-4716
18 Dec 2019 — IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. IBM Planning Analytics versiones 2.0.0 hasta 2.0.8, es vulnerable a una sobrescritura de configuración que permite a un usuario no autenticado iniciar sesión como "admin" y luego ejecutar código como root o SYSTEM por medio de scripts TM1. ID de IBM X-Force: 172094. IBM Planning Analyt... • https://packetstorm.news/files/id/156953 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4612
https://notcve.org/view.php?id=CVE-2019-4612
09 Dec 2019 — IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523. IBM Planning Analytics versión 2.0, es vulnerable a una carga de archivos maliciosos en el portal My Account. Los atacantes pueden hacer uso de esta debilidad y cargar archivos ejecutables maliciosos hacia el sistema y pueden ser enviados a ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/168523 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4611
https://notcve.org/view.php?id=CVE-2019-4611
09 Dec 2019 — IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519. IBM Planning Analytics versión 2.0, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/168519 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4134
https://notcve.org/view.php?id=CVE-2019-4134
02 Jul 2019 — IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281. IBM Planning Analytics versión 2.0, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, y por lo tanto, altera... • https://exchange.xforce.ibmcloud.com/vulnerabilities/158281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •