Cross-Site Request Forgery Vulnerability in IBM Planning Analytics
CVE-2021-20580

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Planning Analytics
Vendor: CVE Published:; 29 June 2021

Summary

IBM Planning Analytics version 2.0 is susceptible to a cross-site request forgery (CSRF) vulnerability, which may enable attackers to perform unintended actions on behalf of authenticated users. This occurs when a trusted user unknowingly executes malicious commands. Attackers could exploit this vulnerability to carry out unauthorized operations, compromising the security of the system and user data.

Affected Version(s)

Planning Analytics 2.0

References

https://www.ibm.com/support/pages/node/6462331

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/198241

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 29, 2021
Vulnerability Reserved
Dec 17, 2020