CVE-2021-29852: 
IBM Planning Analytics vulnerability analysis and mitigation

IBM Planning Analytics is vulnerable to cross-site scripting (CVE-2021-29852). This vulnerability affects IBM Planning Analytics Local v2.0 - Planning Analytics Workspace and allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session. The vulnerability was disclosed and patched in August 2021 (IBM Support).

The vulnerability has a CVSS Base score of 5.4 with a vector of (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. The scope is changed with low confidentiality and integrity impact, and no availability impact (IBM Support).

The vulnerability allows attackers to alter the intended functionality of the web interface by injecting malicious JavaScript code. This could potentially lead to the disclosure of user credentials within a trusted session (IBM Support).

IBM has released a security update to address this vulnerability. The recommended solution is to apply IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 67, which can be downloaded from Fix Central. For IBM Planning Analytics with Watson, the vulnerability has already been addressed and no further action is required (IBM Support).