The Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilities. These vulnerabilities have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 47.
CVEID:CVE-2019-4612
**DESCRIPTION:**IBM Planning Analytics Workspace is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168523 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N)
CVEID:CVE-2019-4611
**DESCRIPTION:**IBM Planning Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168519 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Planning Analytics | 2.0 |
The recommended solution is to apply the fix as soon as practical.
None