CVE-2019-4612 — CVSS 8.8 (high): IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and…
CVE-2019-4613 — CVSS 8.8 (high): IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized…
CVE-2024-25034 — CVSS 8.0 (high): IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1…
CVE-2023-42017 — CVSS 8.0 (high): IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file…
CVE-2024-40693 — CVSS 8.0 (high): IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the…
CVE-2022-22308 — CVSS 7.8 (high): IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and…
CVE-2021-38873 — CVSS 7.8 (high): IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system…
CVE-2020-4881 — CVSS 7.5 (high): IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname…
CVE-2022-22339 — CVSS 7.3 (high): IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send…
CVE-2020-4648 — CVSS 6.5 (medium): A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users…
CVE-2020-4764 — CVSS 6.5 (medium): IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized…
CVE-2020-4882 — CVSS 6.1 (medium): IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data…
CVE-2019-4134 — CVSS 6.1 (medium): IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2020-4653 — CVSS 6.1 (medium): IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim…
CVE-2021-39047 — CVSS 6.1 (medium): IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability…
CVE-2020-4527 — CVSS 5.9 (medium): IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for…
CVE-2020-4871 — CVSS 5.5 (medium): IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.
CVE-2019-4611 — CVSS 5.4 (medium): IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2021-20477 — CVSS 5.4 (medium): IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2018-1933 — CVSS 5.4 (medium): IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2021-29852 — CVSS 5.4 (medium): IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2020-4873 — CVSS 5.3 (medium): IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID…
CVE-2021-20526 — CVSS 5.3 (medium): IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A…
CVE-2020-4562 — CVSS 5.3 (medium): IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with…
CVE-2021-29853 — CVSS 4.3 (medium): IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some…
CVE-2021-20580 — CVSS 4.3 (medium): IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and…
CVE-2021-29851 — CVSS 4.3 (medium): IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM…
CVE-2020-4361 — CVSS 4.3 (medium): IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP…
CVE-2020-4953 — CVSS 4.3 (medium): IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by…