Skip to main content

Planning Analytics CVE-2021-29853

MEDIUM
Unchecked Return Value (CWE-252)
2021-09-01 psirt@us.ibm.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 01, 2021 - 17:15 nvd
MEDIUM 4.3

DescriptionNVD

IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.

AnalysisAI

IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-252. IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529. Affected products include: Ibm Planning Analytics.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-4716 CRITICAL POC
9.8 Dec 18

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated use

CVE-2023-42017 CRITICAL
9.8 Dec 22

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validat

CVE-2019-4612 HIGH
8.8 Dec 09

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Rated high severity (CVSS 8.

CVE-2022-22308 HIGH
7.8 Feb 21

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. Rated high severity (CVSS 7.8), this vul

CVE-2021-38873 HIGH
7.8 Nov 24

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerabilit

CVE-2022-22339 HIGH
7.3 Apr 08

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 7.3), this vul

CVE-2020-4764 MEDIUM
6.5 Dec 18

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute maliciou

CVE-2020-4648 MEDIUM
6.5 Aug 19

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified

CVE-2020-4653 MEDIUM
6.1 Aug 19

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rat

CVE-2019-4134 MEDIUM
6.1 Jul 02

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability i

CVE-2020-4527 MEDIUM
5.9 Jul 20

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set t

CVE-2021-29852 MEDIUM
5.4 Sep 01

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability i

Share

CVE-2021-29853 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy