CVE-2020-4645
https://notcve.org/view.php?id=CVE-2020-4645
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/185717
• https://www.ibm.com/support/pages/node/6253355
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-4644
https://notcve.org/view.php?id=CVE-2020-4644
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/185716
• https://www.ibm.com/support/pages/node/6253355
• CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CVE-2020-4527
https://notcve.org/view.php?id=CVE-2020-4527
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/182631
• https://www.ibm.com/support/pages/node/6249981
• CWE-384: Session Fixation
CVE-2020-4361
https://notcve.org/view.php?id=CVE-2020-4361
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/178766
• https://www.ibm.com/support/pages/node/6249981
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4503
https://notcve.org/view.php?id=CVE-2020-4503
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/182283
• https://www.ibm.com/support/pages/node/6214472
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')