CVE-2020-4562
Description
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Planning Analytics 2.0 leaks sensitive info via cross-window communication with unrestricted target origin in documentation frames.
Vulnerability
[1] IBM Planning Analytics 2.0 (specifically the Planning Analytics Workspace component) contains a flaw where cross-window communication is allowed with an unrestricted target origin via documentation frames. This enables a remote attacker to obtain sensitive information from the application. The issue exists in version 2.0 of IBM Planning Analytics.
Exploitation
[1] An attacker can exploit this vulnerability over the network without authentication or user interaction. By sending crafted messages to documentation frames that accept messages from any origin, the attacker can read sensitive data exposed through these frames. The Cross-Origin Resource Sharing (CORS) policy is not properly enforced for window messaging.
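The bug class named in the description (window messaging with an unrestricted target origin), shown as an added illustration beside a hardened form; this is not IBM's code and not taken from the advisory. `FakeFrame`, the `example.test` origins, the session object and all function names are assumptions constructed so the sketch runs outside a browser, and the receiver-side origin check goes one step beyond the sender-side flaw the CVE describes.

```javascript
// Added illustration; not IBM code. FakeFrame models how a browser delivers
// window.postMessage: the message arrives only if targetOrigin is "*" or
// equals the origin of the document currently loaded in the target window.
class FakeFrame {
  constructor(origin) { this.origin = origin; this.received = []; }
  postMessage(data, targetOrigin) {
    if (targetOrigin === "*" || targetOrigin === this.origin) this.received.push(data);
  }
}

// Hypothetical origins, constructed for this example.
const DOCS_ORIGIN = "https://docs.example.test";
const OTHER_ORIGIN = "https://other.example.test";

// Weak pattern: wildcard target origin, so whatever document is in the frame gets the data.
function sendUnrestricted(frame, data) {
  frame.postMessage(data, "*");
}

// Hardened sender: requires an exact, allowlisted origin and rejects "*".
function sendRestricted(frame, data, targetOrigin, allowed = [DOCS_ORIGIN]) {
  if (targetOrigin === "*" || !allowed.includes(targetOrigin)) {
    throw new Error("refusing postMessage to unlisted origin: " + targetOrigin);
  }
  frame.postMessage(data, targetOrigin);
}

// Hardened receiver: drop any MessageEvent whose origin is not allowlisted.
function makeReceiver(allowed, handler) {
  return (event) => (allowed.includes(event.origin) ? handler(event.data) : undefined);
}

// Returns how many messages each frame received under both sender patterns.
function demo() {
  const session = { user: "constructed-user", token: "constructed-token" };
  const weak = new FakeFrame(OTHER_ORIGIN);   // frame content is not the docs origin
  const strict = new FakeFrame(OTHER_ORIGIN);
  const docs = new FakeFrame(DOCS_ORIGIN);
  sendUnrestricted(weak, session);               // delivered: data disclosed
  sendRestricted(strict, session, DOCS_ORIGIN);  // dropped: origin mismatch
  sendRestricted(docs, session, DOCS_ORIGIN);    // delivered to the intended origin
  return { weak: weak.received.length, strict: strict.received.length, docs: docs.received.length };
}
```

When reviewing a front end for this pattern, search for `postMessage(` calls whose second argument is `"*"` and for `message` listeners that never read `event.origin`.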
Impact
[1] Successful exploitation leads to information disclosure, allowing the attacker to access sensitive data that the application exposes through documentation frames. The CVSS score is 5.3 (medium) with low confidentiality impact and no impact on integrity or availability.
Mitigation
[1] IBM has addressed this vulnerability in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 63. Users should upgrade to this release or later. No workarounds are available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 2.0
- Range: 2.0
References
- exchange.xforce.ibmcloud.com/vulnerabilities/183904 (mitre; vdb-entry; x_refsource_XF)
- www.ibm.com/support/pages/node/6446699 (mitre; x_refsource_CONFIRM)