CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4613
https://notcve.org/view.php?id=CVE-2019-4613
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 168524. IBM Planning Analytics versión 2.0, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. ID de IBM X-Force: 168524. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168524 https://www.ibm.com/support/pages/node/1172860 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 17%CPEs: 1EXPL: 3CVE-2019-4716 – IBM Planning Analytics Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-4716
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. IBM Planning Analytics versiones 2.0.0 hasta 2.0.8, es vulnerable a una sobrescritura de configuración que permite a un usuario no autenticado iniciar sesión como "admin" y luego ejecutar código como root o SYSTEM por medio de scripts TM1. ID de IBM X-Force: 172094. IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. • https://www.exploit-db.com/exploits/48273 http://packetstormsecurity.com/files/156953/IBM-Cognos-TM1-IBM-Planning-Analytics-Server-Configuration-Overwrite-Code-Execution.html http://seclists.org/fulldisclosure/2020/Mar/44 https://exchange.xforce.ibmcloud.com/vulnerabilities/172094 https://www.ibm.com/support/pages/node/1127781 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4612
https://notcve.org/view.php?id=CVE-2019-4612
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523. IBM Planning Analytics versión 2.0, es vulnerable a una carga de archivos maliciosos en el portal My Account. Los atacantes pueden hacer uso de esta debilidad y cargar archivos ejecutables maliciosos hacia el sistema y pueden ser enviados a la víctima para realizar nuevos ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168523 https://www.ibm.com/support/pages/node/1118565 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4611
https://notcve.org/view.php?id=CVE-2019-4611
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519. IBM Planning Analytics versión 2.0, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/168519 https://www.ibm.com/support/pages/node/1118565 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4134
https://notcve.org/view.php?id=CVE-2019-4134
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281. IBM Planning Analytics versión 2.0, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, y por lo tanto, alterar la funcionalidad deseada que podría conllevar a la revelación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158281 https://www.ibm.com/support/docview.wss?uid=ibm10886607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •