CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4503
https://notcve.org/view.php?id=CVE-2020-4503
02 Jun 2020 — IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283. IBM Planning Analytics Local versión 2.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4431
https://notcve.org/view.php?id=CVE-2020-4431
02 Jun 2020 — IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761. IBM Planning Analytics Local versión 2.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/180761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4367
https://notcve.org/view.php?id=CVE-2020-4367
02 Jun 2020 — IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001. IBM Planning Analytics Local versión 2.0, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 179001. • https://exchange.xforce.ibmcloud.com/vulnerabilities/179001 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4366
https://notcve.org/view.php?id=CVE-2020-4366
02 Jun 2020 — IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965. IBM Planning Analytics Local versión 2.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/178965 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4360
https://notcve.org/view.php?id=CVE-2020-4360
02 Jun 2020 — IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765. IBM Planning Analytics Local versión 2.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/178765 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4306
https://notcve.org/view.php?id=CVE-2020-4306
29 May 2020 — IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735. IBM Planning Analytics Local versiones 2.0.0 hasta 2.0.9, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/176735 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4613
https://notcve.org/view.php?id=CVE-2019-4613
05 Feb 2020 — IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524. IBM Planning Analytics versión 2.0, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. ID de IBM X-Force: 168524. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168524 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 82%CPEs: 1EXPL: 4CVE-2019-4716 – IBM Planning Analytics Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-4716
18 Dec 2019 — IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. IBM Planning Analytics versiones 2.0.0 hasta 2.0.8, es vulnerable a una sobrescritura de configuración que permite a un usuario no autenticado iniciar sesión como "admin" y luego ejecutar código como root o SYSTEM por medio de scripts TM1. ID de IBM X-Force: 172094. IBM Planning Analyt... • https://packetstorm.news/files/id/156953 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4612
https://notcve.org/view.php?id=CVE-2019-4612
09 Dec 2019 — IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523. IBM Planning Analytics versión 2.0, es vulnerable a una carga de archivos maliciosos en el portal My Account. Los atacantes pueden hacer uso de esta debilidad y cargar archivos ejecutables maliciosos hacia el sistema y pueden ser enviados a ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/168523 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4611
https://notcve.org/view.php?id=CVE-2019-4611
09 Dec 2019 — IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519. IBM Planning Analytics versión 2.0, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/168519 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •