Sensitive Information Disclosure in IBM Planning Analytics
CVE-2021-20526
3.7 LOW
Summary
IBM Planning Analytics 2.0 does not set the HttpOnly flag on cookies, which could allow a remote attacker to access sensitive information. Cookies without this flag can expose confidential data, compromising the security of users' session identifiers. Users of IBM Planning Analytics should implement the necessary security measures to mitigate the risk from this vulnerability. For details, refer to the IBM support page and the X-Force vulnerability database.
Affected Version(s)
Planning Analytics 2.0
References
CVSS V3.1
Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved