Security Bulletin: IBM Planning Analytics has addressed multiple Security Vulnerabilities

2020-07-2818:30:58

www.ibm.com

0.001 Low

EPSS

Percentile

45.9%

JSON

Summary

This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Planning Analytics 2.0.9.2.

Vulnerability Details

CVEID:CVE-2020-4645
**DESCRIPTION:**IBM Planning Analytics Local is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185717 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2020-4644
**DESCRIPTION:**IBM Planning Analytics Local could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185716 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Planning Analytics 2.0.0 - 2.0.9.1

Remediation/Fixes

The recommended solution is to apply the fix as soon as possible:

IBM Planning Analytics Local 2.0.9.2 is now available for download on Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm planning analyticseq2.0

CPE	Name	Operator	Version
	ibm planning analytics	eq	2.0

0.001 Low

EPSS

Percentile

45.9%

JSON

Related for C8FAE918DCE0D262FCF671D3A14E7B3F1F91E2F001881FEB8138EDA74DAAF19E