Cross-Site Scripting Vulnerability in IBM Planning Analytics
CVE-2021-20477
5.4MEDIUM
Summary
IBM Planning Analytics 2.0 contains a cross-site scripting vulnerability that can be exploited by users to inject arbitrary JavaScript code into the Web UI. This flaw can potentially modify the application's intended functionality, allowing malicious actors to disclose sensitive credentials during trusted user sessions. The issue raises significant security concerns as it can impact the confidentiality of user data.
Affected Version(s)
Planning Analytics 2.0
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved