Planning Analytics Local

planning_analytics_local

Vendor: Ibm • 30 CVEs

CVEs (30)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-1267 1Ibm 1Planning Analytics Local Mar 19, 2026 Mar 17, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls.
CVE-2025-14806 1Ibm 1Planning Analytics Local Mar 19, 2026 Mar 17, 2026 N/A· v4 5.7 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.
CVE-2025-36437 1Ibm 1Planning Analytics Local Jan 14, 2026 Dec 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system.
CVE-2025-36357 1Ibm 2Planning Analytics Local Planning Analytics Workspace Nov 19, 2025 Nov 17, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences t...Show more IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.Show less
CVE-2025-36299 1Ibm 2Planning Analytics Local Planning Analytics Workspace Nov 19, 2025 Nov 17, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system.
CVE-2025-36262 1Ibm 1Planning Analytics Local Oct 3, 2025 Sep 30, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation o...Show more IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.Show less
CVE-2025-36132 1Ibm 1Planning Analytics Local Oct 3, 2025 Sep 30, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alt...Show more IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2025-33005 1Ibm 1Planning Analytics Local Jun 9, 2025 Jun 1, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
CVE-2025-33004 1Ibm 1Planning Analytics Local Jun 9, 2025 Jun 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.
CVE-2025-2896 1Ibm 1Planning Analytics Local Jun 9, 2025 Jun 1, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po...Show more IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2025-25044 1Ibm 1Planning Analytics Local Jun 9, 2025 Jun 1, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po...Show more IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2024-35143 1Ibm 2Planning Analytics Local Planning Analytics Workspace Sep 11, 2024 Aug 4, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authenticat...Show more IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.Show less
CVE-2024-31908 1Ibm 1Planning Analytics Local Jan 8, 2025 May 31, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...Show more IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890.Show less
CVE-2024-31907 1Ibm 1Planning Analytics Local Jan 8, 2025 May 31, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...Show more IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889.Show less
CVE-2024-31889 1Ibm 1Planning Analytics Local Jan 8, 2025 May 31, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...Show more IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136.Show less
CVE-2023-28520 1Ibm 1Planning Analytics Local Nov 21, 2024 May 12, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading...Show more IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.Show less
CVE-2021-29739 1Ibm 1Planning Analytics Local Nov 21, 2024 Aug 10, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846.
CVE-2020-4670 1Ibm 2Planning Analytics Cloud Planning Analytics Local Nov 21, 2024 May 17, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this...Show more IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.Show less
CVE-2020-4669 1Ibm 2Planning Analytics Cloud Planning Analytics Local Nov 21, 2024 May 17, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A r...Show more IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600.Show less
CVE-2020-4985 1Ibm 1Planning Analytics Local Nov 21, 2024 May 14, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.

12 Next