This page lists publicly disclosed CVEs affecting ibm planning_analytics_local (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-1267 | IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls. | [email protected] | 6.5 | 0.33% | 2026-03-17 | 2026-03-19 |
| CVE-2025-14806 | IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources. | [email protected] | 5.7 | 0.29% | 2026-03-17 | 2026-03-19 |
| CVE-2025-36437 | IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system. | [email protected] | 4.3 | 0.18% | 2025-12-09 | 2026-01-14 |
| CVE-2025-36357 | IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system. | [email protected] | 8.0 | 0.67% | 2025-11-17 | 2025-11-19 |
| CVE-2025-36299 | IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code that could be used in further attacks against the system. | [email protected] | 4.3 | 0.18% | 2025-11-17 | 2025-11-19 |
| CVE-2025-36262 | IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input. | [email protected] | 4.9 | 0.27% | 2025-09-30 | 2025-10-03 |
| CVE-2025-36132 | IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 5.4 | 0.17% | 2025-09-30 | 2025-10-03 |
| CVE-2025-33005 | IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system. | [email protected] | 6.3 | 0.17% | 2025-06-01 | 2025-06-09 |
| CVE-2025-33004 | IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction. | [email protected] | 6.5 | 0.39% | 2025-06-01 | 2025-06-09 |
| CVE-2025-2896 | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 4.8 | 0.17% | 2025-06-01 | 2025-06-09 |
| CVE-2025-25044 | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | [email protected] | 5.4 | 0.17% | 2025-06-01 | 2025-06-09 |
| CVE-2024-35143 | IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420. | [email protected] | 6.7 | 0.43% | 2024-08-04 | 2024-09-11 |
| CVE-2024-31908 | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890. | [email protected] | 6.4 | 0.21% | 2024-05-31 | 2025-01-08 |
| CVE-2024-31907 | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889. | [email protected] | 5.4 | 0.21% | 2024-05-31 | 2025-01-08 |
| CVE-2024-31889 | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136. | [email protected] | 5.4 | 0.21% | 2024-05-31 | 2025-01-08 |
| CVE-2023-28520 | IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. | [email protected] | 6.4 | 0.35% | 2023-05-12 | 2024-11-21 |
| CVE-2021-29739 | IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846. | [email protected] | 4.9 | 1.09% | 2021-08-10 | 2024-11-21 |
| CVE-2020-4670 | IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401. | [email protected] | 9.1 | 2.51% | 2021-05-17 | 2024-11-21 |
| CVE-2020-4669 | IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600. | [email protected] | 9.1 | 1.94% | 2021-05-17 | 2024-11-21 |
| CVE-2020-4985 | IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642. | [email protected] | 7.5 | 0.98% | 2021-05-14 | 2024-11-21 |