53 results (0.009 seconds)

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-40693 – IBM Planning Analytics file upload

https://notcve.org/view.php?id=CVE-2024-40693

24 Jan 2025 — IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. • https://www.ibm.com/support/pages/node/7168387 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-25034 – IBM Planning Analytics file upload

https://notcve.org/view.php?id=CVE-2024-25034

24 Jan 2025 — IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. • https://www.ibm.com/support/pages/node/7168387 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-35143 – IBM Planning Analytics Local missing authentication

https://notcve.org/view.php?id=CVE-2024-35143

04 Aug 2024 — IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292420 • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-31907

https://notcve.org/view.php?id=CVE-2024-31907

31 May 2024 — IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889. IBM Planning Analytics Local 2.0 y 2.1 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcion... • https://exchange.xforce.ibmcloud.com/vulnerabilities/289889 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-31908 – IBM Planning Analytics Local cross-site scripting

https://notcve.org/view.php?id=CVE-2024-31908

31 May 2024 — IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890. IBM Planning Analytics Local 2.0 y 2.1 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, altera... • https://exchange.xforce.ibmcloud.com/vulnerabilities/289890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-31889 – IBM Planning Analytics Local cross-site scripting

https://notcve.org/view.php?id=CVE-2024-31889

31 May 2024 — IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136. IBM Planning Analytics Local 2.0 y 2.1 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcion... • https://exchange.xforce.ibmcloud.com/vulnerabilities/288136 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-42017 – IBM Planning Analytics file upload

https://notcve.org/view.php?id=CVE-2023-42017

22 Dec 2023 — IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. IBM Planning Analytics Local 2.0 podría permitir a un atacante remoto cargar archivos arbitrarios, provocados por la validación inadecu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/265567 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-26024 – IBM Planning Analytics on Cloud Pak for Data information disclosure

https://notcve.org/view.php?id=CVE-2023-26024

01 Dec 2023 — IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898. IBM Planning Analytics on Cloud Pak for Data 4.0 podría permitir que un atacante en una red compartida obtenga información confidencial causada por una comunicación de red insegura. ID de IBM X-Force: 247898. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247898 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-28520 – IBM Planning Analytics Local cross-site scripting

https://notcve.org/view.php?id=CVE-2023-28520

12 May 2023 — IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/250454 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-22314

https://notcve.org/view.php?id=CVE-2022-22314

08 Sep 2022 — IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371. IBM Planning Analytics Local versiones 2.0, permite que las páginas web sean almacenadas localmente y que otro usuario del sistema pueda leerlas. IBM X-Force ID: 217371 • https://exchange.xforce.ibmcloud.com/vulnerabilities/217371 •