CVE-2020-4653
Description
IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Open redirect in IBM Planning Analytics 2.0 Workspace lets attackers spoof URLs, tricking victims into phishing sites.
Vulnerability
IBM Planning Analytics 2.0 Workspace contains an open redirect vulnerability (CVE-2020-4653) that allows a remote attacker to craft a URL that appears to redirect to a trusted site but instead leads to a malicious destination. The vulnerability resides in the web application components of IBM Planning Analytics Workspace, specifically affecting versions prior to Planning Analytics Workspace Release 55 (included in IBM Planning Analytics Local v2.0) [1].
Exploitation
To exploit this vulnerability, an attacker must have a valid account (low-privilege access) on the IBM Planning Analytics system. The attacker crafts a specially designed link that leverages the open redirect functionality and then tricks an authenticated victim into clicking it, for example via email or social engineering. The victim's user interaction is required to trigger the redirect [1].
Impact
Successful exploitation allows the attacker to redirect the victim to a malicious website that appears trustworthy. This can lead to the theft of highly sensitive information (such as credentials) or enable further attacks against the victim. The confidentiality of user data is impacted due to the potential for information disclosure [1].
Mitigation
The vulnerability is fixed in IBM Planning Analytics Workspace Release 55, which is included in IBM Planning Analytics Local v2.0. Users should upgrade to this release or later. The fix was published on August 19, 2020 [1]. No workarounds are documented; upgrading is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 2.0
- Range: 2.0
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/186082 (mitre; vdb-entry; x_refsource_XF)
- www.ibm.com/support/pages/node/6254788 (mitre; x_refsource_CONFIRM)