CVE-2019-4611
Description
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Planning Analytics 2.0 is vulnerable to stored cross-site scripting, allowing attackers to embed arbitrary JavaScript in the Web UI, potentially leading to credential disclosure.
Vulnerability
IBM Planning Analytics version 2.0 is vulnerable to cross-site scripting (XSS) in the Web UI. This stored XSS vulnerability allows users to embed arbitrary JavaScript code into the interface, which is then executed in the context of other users' sessions. The vulnerability exists in the Planning Analytics Workspace component. [1]
Exploitation
An attacker with authenticated access to IBM Planning Analytics can inject malicious JavaScript into the Web UI. The injected script executes when other users view the affected page, requiring no additional user interaction beyond normal browsing. The attacker does not need special privileges beyond standard user access. [1]
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of a victim's session. This can lead to disclosure of sensitive information, including credentials, within a trusted session. The CVSS vector indicates low impact to confidentiality and integrity, with scope changed. [1]
Mitigation
IBM has addressed this vulnerability in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 47. Users should upgrade to this release or later. No workarounds are available. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 2.0
- Range: 2
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/168519 (mitre; vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/1118565 (mitre; x_refsource_CONFIRM)