CVE-2025-25044
- EPSS 0.05%
- Published 01.06.2025 11:35:22
- Last modified 09.06.2025 18:08:44
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...
- EPSS 0.07%
- Published 24.01.2025 16:15:36
- Last modified 04.03.2025 16:58:06
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, an...
CVE-2024-25034
- EPSS 0.07%
- Published 24.01.2025 16:15:34
- Last modified 04.03.2025 16:58:06
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can ...
CVE-2023-42017
- EPSS 0.09%
- Published 22.12.2023 16:15:07
- Last modified 21.11.2024 08:22:07
IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload...
CVE-2021-39047
- EPSS 0.22%
- Published 24.06.2022 16:15:08
- Last modified 21.11.2024 06:18:29
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...
CVE-2022-22339
- EPSS 0.15%
- Published 08.04.2022 16:15:08
- Last modified 21.11.2024 06:46:40
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Fo...
CVE-2022-22308
- EPSS 0.17%
- Published 21.02.2022 18:15:09
- Last modified 21.11.2024 06:46:36
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891.
CVE-2021-38873
- EPSS 0.17%
- Published 24.11.2021 17:15:07
- Last modified 21.11.2024 06:18:07
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396.
CVE-2021-20526
- EPSS 0.21%
- Published 27.10.2021 16:15:07
- Last modified 21.11.2024 05:46:43
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ...
CVE-2021-29853
- EPSS 0.12%
- Published 01.09.2021 17:15:07
- Last modified 21.11.2024 06:01:55
IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.