March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
FlyingYeti Leverages WinRAR Flaw to Launch Malware Attacks – Active IOCs
June 4, 2024BitRAT and Lumma Stealer Malware Propagating via Fake Browser Updates – Active IOCs
June 4, 2024FlyingYeti Leverages WinRAR Flaw to Launch Malware Attacks – Active IOCs
June 4, 2024BitRAT and Lumma Stealer Malware Propagating via Fake Browser Updates – Active IOCs
June 4, 2024
Severity
Medium
Analysis Summary
CVE-2024-31908 CVSS:6.4
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-31907 CVSS:5.4
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-31889 CVSS:5.4
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Impact
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-31908
- CVE-2024-31907
- CVE-2024-31889
Affected Vendors
IBM
Affected Products
- IBM Planning Analytics Local 2.1
- IBM Planning Analytics Local 2.0
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.