Cross-Site Scripting Vulnerability in IBM Planning Analytics
CVE-2021-20477

5.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
29 June 2021

Summary

IBM Planning Analytics 2.0 contains a cross-site scripting vulnerability that can be exploited by users to inject arbitrary JavaScript code into the Web UI. This flaw can potentially modify the application's intended functionality, allowing malicious actors to disclose sensitive credentials during trusted user sessions. The issue raises significant security concerns as it can impact the confidentiality of user data.

Affected Version(s)

Planning Analytics 2.0

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.