PT-2020-18184 · Ibm · Tm1Web+2
Published: 2020-11-03 · Updated: 2020-11-10
CVE-2020-4649
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Planning Analytics Local version 2.0.9.2
IBM Planning Analytics Workspace version 57
Description
The issue could expose data to non-privileged users due to the failure to invalidate TM1Web user sessions.
Recommendations
For IBM Planning Analytics Local version 2.0.9.2, consider implementing a session invalidation mechanism to prevent unauthorized access.
For IBM Planning Analytics Workspace version 57, restrict access to sensitive data until a proper session management fix is applied.
As a temporary workaround, consider manually terminating TM1Web user sessions after use to minimize the risk of data exposure.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
IBM Planning Analytics Local
IBM Planning Analytics Workspace
TM1Web