Security Bulletin: IBM Planning Analytics Local is affected by security vulnerabilities

Summary

The Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilities. These vulnerabilities have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 47.

Vulnerability Details

CVEID:CVE-2019-4612
**DESCRIPTION:**IBM Planning Analytics Workspace is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168523 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N)

CVEID:CVE-2019-4611
**DESCRIPTION:**IBM Planning Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168519 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

The recommended solution is to apply the fix as soon as practical.

Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 47 from Fix Central.

Workarounds and Mitigations

None