Lucene search

IbmCVELIST:CVE-2020-4562

HistoryApr 26, 2021 - 4:30 p.m.

CVE-2020-4562

2021-04-2616:30:42

ibm

www.cve.org

ibm planning analytics

cross-window communication

sensitive information

remote attacker

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

AI Score

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.

CNA Affected

[
  {
    "product": "Planning Analytics",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/183904

www.ibm.com/support/pages/node/6446699

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

AI Score

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

Related for CVELIST:CVE-2020-4562