CVE-2018-1676: XSS
First published: Fri Jul 06 2018(Updated: )
IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Planning Analytics Local | >=2.0.0<=2.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability of CVE-2018-1676?
CVE-2018-1676 is a cross-site scripting vulnerability in IBM Planning Analytics 2.0.0 through 2.0.4, allowing arbitrary JavaScript code injection.
How does CVE-2018-1676 impact users?
CVE-2018-1676 allows attackers to embed malicious JavaScript code in the Web UI, potentially leading to credential disclosure within a trusted session.
What is the severity level of CVE-2018-1676?
The severity of CVE-2018-1676 is medium (6.1).
How can I fix the vulnerability in IBM Planning Analytics?
To fix the vulnerability, update IBM Planning Analytics to version 2.0.5 or later.
Where can I find more information about CVE-2018-1676?
You can find more information about CVE-2018-1676 at the following references: [IBM Support Document](http://www.ibm.com/support/docview.wss?uid=swg22016372) and [IBM X-Force ID](https://exchange.xforce.ibmcloud.com/vulnerabilities/145118).
- collector/nvd-index
- vendor/ibm
- canonical/ibm planning analytics local
- version/ibm planning analytics local/2.0.0
- version/ibm planning analytics local/2.0.4