CVE-2020-4431: XSS
First published: Mon Jun 01 2020(Updated: )
IBM Planning Analytics Local is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Planning Analytics Local | >=2.0.0<2.0.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this IBM Planning Analytics Local vulnerability?
The vulnerability ID for this IBM Planning Analytics Local vulnerability is CVE-2020-4431.
What is the severity of CVE-2020-4431?
The severity of CVE-2020-4431 is medium with a CVSS score of 5.4.
How does the vulnerability in IBM Planning Analytics Local allow cross-site scripting (XSS) attacks?
The vulnerability in IBM Planning Analytics Local allows users to embed arbitrary JavaScript code in the Web UI, enabling cross-site scripting (XSS) attacks.
What can an attacker potentially achieve through the cross-site scripting vulnerability in IBM Planning Analytics Local?
An attacker exploiting the cross-site scripting vulnerability in IBM Planning Analytics Local can alter the intended functionality of the Web UI and potentially disclose credentials within a trusted session.
How can I fix the cross-site scripting vulnerability in IBM Planning Analytics Local?
To fix the cross-site scripting vulnerability in IBM Planning Analytics Local, apply the necessary security updates or patches provided by IBM.
- collector/ibm-support
- collector/nvd-index
- vendor/ibm
- product/planning analytics local
- canonical/ibm planning analytics local