IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname…
ibm·CWE-346·Published 2021-01-19
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 190851.
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 190851.
IBM Planning Analytics versión 2.0, podría permitir a un atacante remoto obtener información confidencial, debido a una falta de comprobación del nombre de host del servidor para la comunicación SSL/TLS. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para obtener información confidencial. IBM X-Force ID: 190851
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.0 | 10.0 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| 3.0 | Primary | cve.org | 5.9 | — | — | CVSS:3.0/AC:H/C:H/S:U/PR:N/UI:N/AV:N/A:N/I:N/RC:C/RL:O/E:U |
| 3.0 | Primary | cve.org | 5.9 | — | — | CVSS:3.0/AC:H/C:H/S:U/PR:N/UI:N/AV:N/A:N/I:N/RC:C/RL:O/E:U |
| 3.0 | Secondary | NVD | 5.9 | 2.2 | 3.6 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Primary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |