CVE-2020-4527

MEDIUM

IBM Planning Analytics 2.0 - Info Disclosure

Title source: llm

Description

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 182631.

References (2)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6249981

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/182631

Scores

CVSS v3 5.9

EPSS 0.0029

EPSS Percentile 52.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-384

Status published

Products (1)

ibm/planning_analytics 2.0

Published Jul 20, 2020

Tracked Since Feb 18, 2026