Cross-Site Scripting Vulnerability in IBM Planning Analytics
CVE-2020-4306

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Planning Analytics Local
Vendor: CVE Published:; 29 May 2020

What is CVE-2020-4306?

A cross-site scripting (XSS) vulnerability exists in IBM Planning Analytics Local versions 2.0.0 to 2.0.9. This vulnerability enables attackers to inject arbitrary JavaScript code into the web user interface, potentially compromising the security of users' sessions and leading to the disclosure of sensitive credentials. The flaw could be exploited by malicious actors to manipulate the intended functionality of the application. For more information, refer to IBM's support page and the X-Force ID entry.

Affected Version(s)

Planning Analytics Local 2.0.0

Planning Analytics Local 2.0.9

References

https://www.ibm.com/support/pages/node/6213263

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/176735

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2020
Vulnerability Reserved
Dec 30, 2019