Skip to main content

Planning Analytics CVE-2020-4764

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2020-12-18 psirt@us.ibm.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 18, 2020 - 15:15 nvd
MEDIUM 6.5

DescriptionNVD

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898.

AnalysisAI

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898. Affected products include: Ibm Planning Analytics.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2019-4716 CRITICAL POC
9.8 Dec 18

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated use

CVE-2023-42017 CRITICAL
9.8 Dec 22

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validat

CVE-2019-4612 HIGH
8.8 Dec 09

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Rated high severity (CVSS 8.

CVE-2022-22308 HIGH
7.8 Feb 21

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. Rated high severity (CVSS 7.8), this vul

CVE-2021-38873 HIGH
7.8 Nov 24

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerabilit

CVE-2022-22339 HIGH
7.3 Apr 08

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 7.3), this vul

CVE-2020-4648 MEDIUM
6.5 Aug 19

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified

CVE-2020-4653 MEDIUM
6.1 Aug 19

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rat

CVE-2019-4134 MEDIUM
6.1 Jul 02

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability i

CVE-2020-4527 MEDIUM
5.9 Jul 20

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set t

CVE-2021-29852 MEDIUM
5.4 Sep 01

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability i

CVE-2021-20477 MEDIUM
5.4 Jun 29

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability i

Share

CVE-2020-4764 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy