Ibm Planning Analytics Local vulnerabilities

CVE-2021-29851 [MEDIUM] CVE-2021-29851: IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stac IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527.

CVE-2021-29739 [MEDIUM] CWE-252 CVE-2021-29739: IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846.

CVE-2020-4670 [CRITICAL] CWE-306 CVE-2020-4670: IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data str IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.

CVE-2020-4669 [CRITICAL] CWE-862 CVE-2020-4669: IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600.

CVE-2020-4985 [HIGH] CVE-2020-4985: IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to acce IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.

CVE-2020-4649 [MEDIUM] CWE-200 CVE-2020-4649: IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to no IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.

CVE-2020-4645 [MEDIUM] CWE-79 CVE-2020-4645: IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulne IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717.

CVE-2020-4644 [MEDIUM] CWE-1021 CVE-2020-4644: IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the click IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716.

CVE-2020-4367 [HIGH] CWE-327 CVE-2020-4367: IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001.

CVE-2020-4431 [MEDIUM] CWE-79 CVE-2020-4431: IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows us IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761.

CVE-2020-4366 [MEDIUM] CWE-79 CVE-2020-4366: IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows us IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965.

CVE-2020-4503 [MEDIUM] CWE-79 CVE-2020-4503: IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows us IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283.

CVE-2020-4360 [MEDIUM] CWE-79 CVE-2020-4360: IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows us IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765.

CVE-2020-4306 [MEDIUM] CWE-79 CVE-2020-4306: IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnera IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735.

CVE-2019-4134 [MEDIUM] CWE-79 CVE-2019-4134: IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281.

CVE-2018-1676 [MEDIUM] CWE-79 CVE-2018-1676: IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118.