Allele Security Alert
ASA-2019-00253
Identifier(s)
ASA-2019-00253, CVE-2018-1933
Title
Cross-Site Scripting (XSS) vulnerability
Vendor(s)
IBM
Product(s)
IBM Planning Analytics
Affected version(s)
IBM Planning Analytics versions 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5 and 2.0.6
Fixed version(s)
IBM Planning Analytics version 2.0.7
Proof of concept
Unknown
Description
IBM Planning Analytics is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Technical details
Unknown
Credits
Unknown
Reference(s)
Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics
https://www-01.ibm.com/support/docview.wss?uid=ibm10879407
IBM Planning Analytics cross-site scripting
https://exchange.xforce.ibmcloud.com/vulnerabilities/153177
CVE-2018-1933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1933
CVE-2018-1933
https://nvd.nist.gov/vuln/detail/CVE-2018-1933
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: May 3, 2019