Cross-Site Scripting Vulnerability in IBM Planning Analytics
CVE-2021-20477

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Planning Analytics
Vendor: CVE Published:; 29 June 2021

Summary

IBM Planning Analytics 2.0 contains a cross-site scripting vulnerability that can be exploited by users to inject arbitrary JavaScript code into the Web UI. This flaw can potentially modify the application's intended functionality, allowing malicious actors to disclose sensitive credentials during trusted user sessions. The issue raises significant security concerns as it can impact the confidentiality of user data.

Affected Version(s)

Planning Analytics 2.0

References

https://www.ibm.com/support/pages/node/6462331

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/196949

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 29, 2021
Vulnerability Reserved
Dec 17, 2020