Skip to main content

Planning Analytics Local CVE-2020-4367

HIGH
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2020-06-02 psirt@us.ibm.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 02, 2020 - 14:15 nvd
HIGH 7.5

DescriptionNVD

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001.

AnalysisAI

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-327. IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001. Affected products include: Ibm Planning Analytics Local.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-35143 CRITICAL
9.1 Aug 04

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. Rated critical severity (CVSS 9.1), this vulnerab

CVE-2025-33004 MEDIUM
6.5 Jun 01

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper

CVE-2026-1267 MEDIUM
6.5 Mar 17

IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain an improper access control vulnerability (CWE-200) th

CVE-2025-33005 MEDIUM
6.3 Jun 01

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated u

CVE-2020-4503 MEDIUM
6.1 Jun 02

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerabi

CVE-2020-4366 MEDIUM
6.1 Jun 02

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerabi

CVE-2018-1676 MEDIUM
6.1 Jul 06

IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this

CVE-2025-14806 MEDIUM
5.7 Mar 17

IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain a cache poisoning vulnerability (CWE-524) where attac

CVE-2025-25044 MEDIUM
5.4 Jun 01

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticat

CVE-2024-31908 MEDIUM
5.4 May 31

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4),

CVE-2024-31907 MEDIUM
5.4 May 31

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this v

CVE-2024-31889 MEDIUM
5.4 May 31

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this v

Share

CVE-2020-4367 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy