Skip to main content

Planning Analytics CVE-2021-20580

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2021-06-29 psirt@us.ibm.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 29, 2021 - 16:15 nvd
MEDIUM 4.3

DescriptionNVD

IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241.

AnalysisAI

IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241. Affected products include: Ibm Planning Analytics.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2019-4716 CRITICAL POC
9.8 Dec 18

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated use

CVE-2023-42017 CRITICAL
9.8 Dec 22

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validat

CVE-2019-4612 HIGH
8.8 Dec 09

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Rated high severity (CVSS 8.

CVE-2022-22308 HIGH
7.8 Feb 21

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. Rated high severity (CVSS 7.8), this vul

CVE-2021-38873 HIGH
7.8 Nov 24

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerabilit

CVE-2022-22339 HIGH
7.3 Apr 08

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 7.3), this vul

CVE-2020-4764 MEDIUM
6.5 Dec 18

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute maliciou

CVE-2020-4648 MEDIUM
6.5 Aug 19

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified

CVE-2020-4653 MEDIUM
6.1 Aug 19

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rat

CVE-2019-4134 MEDIUM
6.1 Jul 02

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability i

CVE-2020-4527 MEDIUM
5.9 Jul 20

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set t

CVE-2021-29852 MEDIUM
5.4 Sep 01

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability i

Share

CVE-2021-20580 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy