First published: Thu May 30 2024(Updated: )
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Planning Analytics Workspace | <=2.1 | |
IBM Planning Analytics Workspace | <=2.0 | |
IBM Planning Analytics Workspace | =2.0.0 | |
IBM Planning Analytics Workspace | =2.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2024-31908 is rated as high due to the potential for credentials disclosure through stored cross-site scripting.
To fix CVE-2024-31908, it is recommended to update IBM Planning Analytics Local to version 2.2 or later.
The affected versions for CVE-2024-31908 include IBM Planning Analytics Local 2.0 and 2.1.
CVE-2024-31908 is a stored cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code.
Yes, CVE-2024-31908 can be exploited within a trusted session, potentially leading to credential disclosure.