cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-40693,https://securityvulnerability.io/vulnerability/CVE-2024-40693,File Upload Vulnerability in IBM Planning Analytics by IBM,"IBM Planning Analytics versions 2.0 and 2.1 are susceptible to a file upload vulnerability due to inadequate validation of uploaded file content. This security flaw enables attackers to upload malicious executable files through the web interface, potentially leading to unauthorized access or the execution of harmful actions within the system. Users should implement immediate measures to secure their installations and mitigate the risk of exploitation.",IBM,Planning Analytics Local,8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-24T15:26:27.144Z,0
CVE-2024-25034,https://securityvulnerability.io/vulnerability/CVE-2024-25034,Malicious File Upload Vulnerability in IBM Planning Analytics,"IBM Planning Analytics versions 2.0 and 2.1 are susceptible to a file upload vulnerability due to a lack of validation for file types during the File Manager T1 process. This security flaw enables attackers to upload malicious executable files, which can subsequently be sent to unsuspecting victims for executing further exploits, potentially compromising system integrity and user data.",IBM,Planning Analytics Local,8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-24T15:25:05.723Z,0
CVE-2024-35143,https://securityvulnerability.io/vulnerability/CVE-2024-35143,Unauthorized Access to MongoDB Database via Remote Port,"IBM Planning Analytics Local versions 2.0 and 2.1 are vulnerable due to their connection configuration with MongoDB, a popular document-oriented database system. The MongoDB server is set to listen on a remote port and is configured to allow connections without requiring password authentication. This misconfiguration allows a remote attacker to exploit this weakness and gain unauthorized access to the database, potentially leading to the exposure of sensitive information and data integrity issues. Security measures should be taken to secure MongoDB instances and properly authenticate all connections to mitigate these risks.",IBM,Planning Analytics Local,9.1,CRITICAL,0.00107999995816499,false,,false,false,false,,,false,false,,2024-08-04T13:03:10.154Z,0
CVE-2024-31907,https://securityvulnerability.io/vulnerability/CVE-2024-31907,IBM Planning Analytics Local 2.0 and 2.1 vulnerable to Cross-Site Scripting,IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889.,IBM,Planning Analytics Local,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-31T13:09:56.762Z,0
CVE-2024-31908,https://securityvulnerability.io/vulnerability/CVE-2024-31908,IBM Planning Analytics Local 2.0 and 2.1 Vulnerable to Stored Cross-Site Scripting,IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890.,IBM,Planning Analytics Local,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-31T13:05:34.385Z,0
CVE-2024-31889,https://securityvulnerability.io/vulnerability/CVE-2024-31889,IBM Planning Analytics Local 2.0 and 2.1 vulnerable to Cross-Site Scripting,IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136.,IBM,Planning Analytics Local,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-31T12:57:26.223Z,0
CVE-2023-28520,https://securityvulnerability.io/vulnerability/CVE-2023-28520,IBM Planning Analytics Local cross-site scripting,IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.,IBM,Planning Analytics Local,6.4,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-05-12T02:15:00.000Z,0
CVE-2021-29853,https://securityvulnerability.io/vulnerability/CVE-2021-29853,Information Exposure in IBM Planning Analytics,"IBM Planning Analytics 2.0 is susceptible to information exposure due to a failure in properly validating return values from certain methods and functions. This lack of validation could allow attackers to manipulate data, potentially leading to further security incidents. Organizations using this software should take immediate steps to assess their systems and apply necessary patches to mitigate risks associated with this vulnerability. For more information, please refer to the IBM support page and X-Force vulnerability database for detailed insights.",IBM,Planning Analytics Local,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-09-01T17:15:00.000Z,0
CVE-2021-29852,https://securityvulnerability.io/vulnerability/CVE-2021-29852,Cross-Site Scripting Vulnerability in IBM Planning Analytics Web UI,"IBM Planning Analytics 2.0 is susceptible to a cross-site scripting vulnerability that permits the injection of arbitrary JavaScript code into its Web UI. This flaw can be exploited by an attacker to modify the site's functionality and potentially expose sensitive user credentials within a trusted session, compromising the security of affected systems. For further details, refer to IBM's support page and the IBM X-Force vulnerability database.",IBM,Planning Analytics Local,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-09-01T17:15:00.000Z,0
CVE-2021-29851,https://securityvulnerability.io/vulnerability/CVE-2021-29851,Information Disclosure Vulnerability in IBM Planning Analytics,"IBM Planning Analytics 2.0 is vulnerable as it may allow remote attackers to gain access to sensitive information via stack traces that are inadvertently shown in the browser. This breach can lead to the exposure of critical data, thereby posing a risk to both individual and organizational security.",IBM,Planning Analytics Local,4.3,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2021-09-01T17:15:00.000Z,0
CVE-2021-29739,https://securityvulnerability.io/vulnerability/CVE-2021-29739,Information Disclosure Vulnerability in IBM Planning Analytics Local,"IBM Planning Analytics Local 2.0 contains a vulnerability that may allow a remote attacker to gain unauthorized access to sensitive information via a stack trace that is inadvertently exposed in the browser. This significant issue could potentially expose critical details, thereby increasing the risk of further attacks. Organizations using this version should take proactive measures to secure their system against potential exploitation.",IBM,Planning Analytics Local,2.7,LOW,0.0014400000218302011,false,,false,false,false,,,false,false,,2021-08-10T14:15:00.000Z,0
CVE-2020-4669,https://securityvulnerability.io/vulnerability/CVE-2020-4669,,"IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600.",IBM,Planning Analytics Local,7.4,HIGH,0.006639999803155661,false,,false,false,false,,,false,false,,2021-05-17T17:15:00.000Z,0
CVE-2020-4670,https://securityvulnerability.io/vulnerability/CVE-2020-4670,,"IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.",IBM,Planning Analytics Local,7.4,HIGH,0.0040799998678267,false,,false,false,false,,,false,false,,2021-05-17T17:15:00.000Z,0
CVE-2020-4985,https://securityvulnerability.io/vulnerability/CVE-2020-4985,,IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.,IBM,Planning Analytics Local,3.7,LOW,0.001069999998435378,false,,false,false,false,,,false,false,,2021-05-14T17:15:00.000Z,0
CVE-2020-4649,https://securityvulnerability.io/vulnerability/CVE-2020-4649,,IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privileged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.,IBM,"Planning Analytics Local,Planning Analytics Workspace",4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-11-03T14:15:00.000Z,0
CVE-2020-4367,https://securityvulnerability.io/vulnerability/CVE-2020-4367,,IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001.,IBM,Planning Analytics Local,5.9,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2020-06-02T14:15:00.000Z,0
CVE-2020-4360,https://securityvulnerability.io/vulnerability/CVE-2020-4360,,IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765.,IBM,Planning Analytics Local,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-06-02T14:15:00.000Z,0
CVE-2020-4503,https://securityvulnerability.io/vulnerability/CVE-2020-4503,,IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283.,IBM,Planning Analytics Local,6.1,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2020-06-02T14:15:00.000Z,0
CVE-2020-4431,https://securityvulnerability.io/vulnerability/CVE-2020-4431,,IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761.,IBM,Planning Analytics Local,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-06-02T14:15:00.000Z,0
CVE-2020-4366,https://securityvulnerability.io/vulnerability/CVE-2020-4366,,IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965.,IBM,Planning Analytics Local,6.1,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2020-06-02T14:15:00.000Z,0
CVE-2020-4306,https://securityvulnerability.io/vulnerability/CVE-2020-4306,,IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735.,IBM,Planning Analytics Local,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-05-29T13:15:00.000Z,0
CVE-2019-4134,https://securityvulnerability.io/vulnerability/CVE-2019-4134,,IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281.,IBM,Planning Analytics Local,6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2019-07-02T15:15:00.000Z,0
CVE-2018-1676,https://securityvulnerability.io/vulnerability/CVE-2018-1676,,IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118.,IBM,Planning Analytics Local,6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2018-07-06T14:29:00.000Z,0