threat
engine
.sh
Back
·
··:··
Home
/
Product
/
ibm planning analytics
Product
ibm planning analytics
30 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-40693
all versions
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded
8.0
HIGH
CVE-2024-25034
all versions
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Man
8.0
HIGH
CVE-2023-42017
all versions
IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of fil
8.0
HIGH
CVE-2021-39047
all versions
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulner
6.1
MEDIUM
CVE-2022-22339
all versions
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send u
7.3
HIGH
CVE-2022-22308
all versions
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include comma
7.8
HIGH
CVE-2021-38873
all versions
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the s
7.8
HIGH
CVE-2021-20526
all versions
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnl
5.3
MEDIUM
CVE-2021-29853
all versions
IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not validating the return values fr
4.3
MEDIUM
CVE-2021-29852
all versions
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript co
5.4
MEDIUM
CVE-2021-29851
all versions
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the bro
4.3
MEDIUM
CVE-2021-20580
all versions
IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malic
4.3
MEDIUM
CVE-2021-20477
all versions
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript co
5.4
MEDIUM
CVE-2020-4562
all versions
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication wi
5.3
MEDIUM
CVE-2020-4882
all versions
IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-contro
6.1
MEDIUM
CVE-2020-4953
all versions
IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal stru
4.3
MEDIUM
CVE-2020-4881
all versions
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname ve
7.5
HIGH
CVE-2020-4873
all versions
IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-
5.3
MEDIUM
CVE-2020-4871
all versions
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID:
5.5
MEDIUM
CVE-2020-4764
all versions
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unau
6.5
MEDIUM
CVE-2020-4653
all versions
IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading
6.1
MEDIUM
CVE-2020-4648
all versions
A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other u
6.5
MEDIUM
CVE-2020-4527
all versions
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure
5.9
MEDIUM
CVE-2020-4361
all versions
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTT
4.3
MEDIUM
CVE-2019-4613
all versions
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unau
8.8
HIGH
CVE-2019-4716
>= 2.0 and <= 2.0.8
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login
9.8
CRITICAL
CVE-2019-4612
all versions
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weaknes
8.8
HIGH
CVE-2019-4611
all versions
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript co
5.4
MEDIUM
CVE-2019-4134
all versions
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript co
6.1
MEDIUM
CVE-2018-1933
>= 2.0 and <= 2.0.6
IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary
5.4
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin