Cross-Site Scripting Vulnerability in IBM Planning Analytics Software
CVE-2018-1676

6.1MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
6 July 2018

Summary

The vulnerability in IBM Planning Analytics, present in versions 2.0.0 through 2.0.4, allows an attacker to inject malicious JavaScript code into the Web UI. This can modify the functionality of the application, potentially enabling unauthorized access to sensitive information such as user credentials during active sessions. Users are advised to apply appropriate security measures to mitigate this risk.

Affected Version(s)

Planning Analytics Local 2.0.1

Planning Analytics Local 2.0.2

Planning Analytics Local 2.0.0

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.