15 results (0.009 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. • https://https://exchange.xforce.ibmcloud.com/vulnerabilities/250454 https://www.ibm.com/support/pages/node/6986639 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846. IBM Planning Analytics Local versión 2.0, podría permitir a un atacante remoto obtener información confidencial cuando es devuelto una traza de pila en el navegador. X-Force ID: 198846 • https://exchange.xforce.ibmcloud.com/vulnerabilities/198846 https://www.ibm.com/support/pages/node/6479255 • CWE-252: Unchecked Return Value •

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0

IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401. IBM Planning Analytics Local versión 2.0, se conecta a un servidor Redis. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186401 https://www.ibm.com/support/pages/node/6436821 • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0

IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600. IBM Planning Analytics Local versión 2.0, se conecta a un servidor MongoDB. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186400 https://www.ibm.com/support/pages/node/6436821 • CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642. IBM Planning Analytics Local versión 2.0, podría permitir a un atacante conseguir información confidencial debido a que acepta parámetros de cuerpo en una consulta. IBM X-Force ID: 192642 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192642 https://www.ibm.com/support/pages/node/6452743 •