Sensitive Information Disclosure in IBM Planning Analytics
CVE-2021-20526

3.7 LOW

Key Information:

Vendor: IBM
CVE Published: 27 October 2021

Summary

IBM Planning Analytics 2.0 is affected by a vulnerability that allows remote attackers to access sensitive information because cookies are set without the HttpOnly flag. Without that flag, cookie values are readable by client-side script, so a malicious actor can retrieve confidential data from the cookie, compromising the security of users' session identifiers. Users of IBM Planning Analytics should implement necessary security measures to mitigate the risk associated with this vulnerability. For detailed information, refer to the IBM support page and the X-Force vulnerability database.

Affected Version(s)

Planning Analytics 2.0

References

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
