Vulnerabilities > IBM > Planning Analytics

DATE CVE VULNERABILITY TITLE RISK
2020-07-20 CVE-2020-4527 Session Fixation vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode.
network
ibm CWE-384
4.3
4.3
2020-07-20 CVE-2020-4361 Information Exposure vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses.
network
low complexity
ibm CWE-200
4.0
4.0
2020-02-05 CVE-2019-4613 Cross-Site Request Forgery (CSRF) vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
6.8
6.8
2019-12-18 CVE-2019-4716 Code Injection vulnerability in IBM Planning Analytics
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.
network
low complexity
ibm CWE-94
critical
 9.8
9.8
2019-12-09 CVE-2019-4612 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal.
network
low complexity
ibm CWE-434
6.5
6.5
2019-12-09 CVE-2019-4611 Cross-site Scripting vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2019-07-02 CVE-2019-4134 Cross-site Scripting vulnerability in IBM Planning Analytics 2.0
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2019-05-01 CVE-2018-1933 Cross-site Scripting vulnerability in IBM Planning Analytics
IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5