Skip to main content

Planning Analytics CVE-2020-4648

MEDIUM
2020-08-19 psirt@us.ibm.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 19, 2020 - 13:15 nvd
MEDIUM 6.5

DescriptionNVD

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019.

AnalysisAI

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019. Affected products include: Ibm Planning Analytics.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-4716 CRITICAL POC
9.8 Dec 18

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated use

CVE-2023-42017 CRITICAL
9.8 Dec 22

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validat

CVE-2019-4612 HIGH
8.8 Dec 09

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Rated high severity (CVSS 8.

CVE-2022-22308 HIGH
7.8 Feb 21

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. Rated high severity (CVSS 7.8), this vul

CVE-2021-38873 HIGH
7.8 Nov 24

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerabilit

CVE-2022-22339 HIGH
7.3 Apr 08

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 7.3), this vul

CVE-2020-4764 MEDIUM
6.5 Dec 18

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute maliciou

CVE-2020-4653 MEDIUM
6.1 Aug 19

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rat

CVE-2019-4134 MEDIUM
6.1 Jul 02

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability i

CVE-2020-4527 MEDIUM
5.9 Jul 20

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set t

CVE-2021-29852 MEDIUM
5.4 Sep 01

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability i

CVE-2021-20477 MEDIUM
5.4 Jun 29

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability i

Share

CVE-2020-4648 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy