Sensitive Information Disclosure in IBM Planning Analytics
CVE-2021-20526

3.7LOW

Key Information:

Vendor: IBM
Status: Planning Analytics
Vendor: CVE Published:; 27 October 2021

Summary

IBM Planning Analytics 2.0 is affected by a vulnerability that allows remote attackers to access sensitive information due to the lack of the HTTPOnly flag on cookies. This oversight can enable malicious actors to retrieve confidential data, compromising the security of users' session identifiers. Users of IBM Planning Analytics should implement necessary security measures to mitigate the risk associated with this vulnerability. For detailed information, refer to the IBM support page and the X-Force vulnerability database.

Affected Version(s)

Planning Analytics 2.0

References

https://www.ibm.com/support/pages/node/6507095

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/198755

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 27, 2021
Vulnerability Reserved
Dec 17, 2020