Skip to main content

Planning Analytics

21 CVEs product

Monthly

CVE-2024-40693 HIGH This Month

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-25034 HIGH This Month

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2023-42017 CRITICAL Act Now

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload IBM Planning Analytics
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-22339 HIGH PATCH This Week

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF IBM Planning Analytics
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2022-22308 HIGH PATCH This Week

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-38873 HIGH PATCH This Week

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Code Injection Planning Analytics
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-20526 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-29853 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-29852 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Planning Analytics
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29851 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-20580 MEDIUM This Month

IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-20477 MEDIUM This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-4764 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Planning Analytics
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-4653 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Planning Analytics
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4648 MEDIUM PATCH This Month

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4527 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Session Fixation Information Disclosure Planning Analytics
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2020-4361 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Planning Analytics
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-4716 CRITICAL POC KEV PATCH THREAT Act Now

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection IBM RCE Planning Analytics
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
86.4%
CVE-2019-4612 HIGH This Week

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-4611 MEDIUM PATCH This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4134 MEDIUM This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Planning Analytics
NVD
CVSS 3.1
6.1
EPSS
0.9%
EPSS 0% CVSS 8.0
HIGH This Month

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
EPSS 0% CVSS 8.0
HIGH This Month

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload IBM +1
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF IBM Planning Analytics
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM Code Injection Planning Analytics
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Planning Analytics
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Planning Analytics
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Planning Analytics
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Planning Analytics
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Planning Analytics
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Planning Analytics
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Session Fixation Information Disclosure +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Planning Analytics
NVD
EPSS 86% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection IBM RCE +1
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Planning Analytics
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy