CVE-2021-39047
Severity
6.1MEDIUM
EPSS
0.2%
top 56.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 24
Latest updateJun 25
Description
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7