PT-2021-12206 · Ibm · Ibm Planning Analytics

Published

2021-01-19

Updated

2021-07-21

CVE-2020-4873

CVSS v3.1

5.3

Medium

Vector

PR:N/UI:N/I:N/AV:N/A:N/AC:L/C:L/S:U

Name of the Vulnerable Software and Affected Versions IBM Planning Analytics version 2.0

Description The issue allows an attacker to obtain sensitive information due to an overly permissive CORS policy.

Recommendations For IBM Planning Analytics version 2.0, consider restricting access to sensitive information until a fix is available. As a temporary workaround, review and adjust the CORS policy settings to minimize the risk of exploitation.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2020-4873

Affected Products

Ibm Planning Analytics

PT-2021-12206 · Ibm · Ibm Planning Analytics

CVE-2020-4873

Weakness Enumeration

Related Identifiers

Affected Products

References · 5