CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Jan 2025 — IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, which can then be sent to victims for performing further attacks. • https://www.ibm.com/support/pages/node/7168387 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Jan 2025 — IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. • https://www.ibm.com/support/pages/node/7168387 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Aug 2024 — IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420. • https://exchange.xforce.ibmcloud.com/vulnerabilities/292420 • CWE-306: Missing Authentication for Critical Function

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 May 2024 — IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889. • https://exchange.xforce.ibmcloud.com/vulnerabilities/289889 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 May 2024 — IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890. • https://exchange.xforce.ibmcloud.com/vulnerabilities/289890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 May 2024 — IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136. • https://exchange.xforce.ibmcloud.com/vulnerabilities/288136 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 May 2023 — IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. • https://exchange.xforce.ibmcloud.com/vulnerabilities/250454 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Aug 2021 — IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198846 • CWE-252: Unchecked Return Value

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

17 May 2021 — IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186401 • CWE-306: Missing Authentication for Critical Function

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

17 May 2021 — IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186400 • CWE-862: Missing Authorization