ReportizFlow
Filtered by vendor Ibm
Subscriptions
Filtered by product Planning Analytics Local
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-33004 | 1 Ibm | 1 Planning Analytics Local | 2025-06-02 | 6.5 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction. | ||||
| CVE-2025-33005 | 1 Ibm | 1 Planning Analytics Local | 2025-06-02 | 6.3 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system. | ||||
| CVE-2025-25044 | 1 Ibm | 1 Planning Analytics Local | 2025-06-02 | 5.4 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-2896 | 1 Ibm | 1 Planning Analytics Local | 2025-06-02 | 4.8 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-25034 | 1 Ibm | 1 Planning Analytics Local | 2025-02-12 | 8 High |
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. | ||||
| CVE-2024-40693 | 1 Ibm | 1 Planning Analytics Local | 2025-02-12 | 8 High |
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | ||||
| CVE-2023-28520 | 1 Ibm | 1 Planning Analytics Local | 2025-01-24 | 6.4 Medium |
| IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. | ||||
| CVE-2024-31889 | 1 Ibm | 1 Planning Analytics Local | 2025-01-08 | 5.4 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136. | ||||
| CVE-2024-31907 | 1 Ibm | 1 Planning Analytics Local | 2025-01-08 | 5.4 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889. | ||||
| CVE-2024-31908 | 1 Ibm | 1 Planning Analytics Local | 2025-01-08 | 6.4 Medium |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890. | ||||
| CVE-2021-29739 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 4.9 Medium |
| IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846. | ||||
| CVE-2020-4985 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 7.5 High |
| IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642. | ||||
| CVE-2020-4670 | 1 Ibm | 2 Planning Analytics Cloud, Planning Analytics Local | 2024-11-21 | 9.1 Critical |
| IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401. | ||||
| CVE-2020-4669 | 1 Ibm | 2 Planning Analytics Cloud, Planning Analytics Local | 2024-11-21 | 9.1 Critical |
| IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600. | ||||
| CVE-2020-4649 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 4.3 Medium |
| IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022. | ||||
| CVE-2020-4645 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 5.4 Medium |
| IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717. | ||||
| CVE-2020-4644 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 5.4 Medium |
| IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716. | ||||
| CVE-2020-4503 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 6.1 Medium |
| IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283. | ||||
| CVE-2020-4431 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 5.4 Medium |
| IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761. | ||||
| CVE-2020-4367 | 1 Ibm | 1 Planning Analytics Local | 2024-11-21 | 7.5 High |
| IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001. | ||||