
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Dec 2023 — IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. • https://exchange.xforce.ibmcloud.com/vulnerabilities/265567 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 0% • CPEs: 10 • EXPL: 0

24 Jun 2022 — IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349. • https://exchange.xforce.ibmcloud.com/vulnerabilities/214349 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Apr 2022 — IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736. • https://exchange.xforce.ibmcloud.com/vulnerabilities/219736 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Feb 2022 — IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891. • https://exchange.xforce.ibmcloud.com/vulnerabilities/216891 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Nov 2021 — IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396. • https://exchange.xforce.ibmcloud.com/vulnerabilities/208396 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Oct 2021 — IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198755 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Sep 2021 — IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529. • https://exchange.xforce.ibmcloud.com/vulnerabilities/205529 • CWE-252: Unchecked Return Value

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Sep 2021 — IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528. • https://exchange.xforce.ibmcloud.com/vulnerabilities/205528 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Sep 2021 — IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527. • https://exchange.xforce.ibmcloud.com/vulnerabilities/205527

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jun 2021 — IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198241 • CWE-352: Cross-Site Request Forgery (CSRF)