Cross-Site Scripting Vulnerability in IBM Planning Analytics Software
CVE-2018-1676
6.1MEDIUM
Summary
The vulnerability in IBM Planning Analytics, present in versions 2.0.0 through 2.0.4, allows an attacker to inject malicious JavaScript code into the Web UI. This can modify the functionality of the application, potentially enabling unauthorized access to sensitive information such as user credentials during active sessions. Users are advised to apply appropriate security measures to mitigate this risk.
Affected Version(s)
Planning Analytics Local 2.0.1
Planning Analytics Local 2.0.2
Planning Analytics Local 2.0.0
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved