CVE-2025-36262 — Improper Validation of Syntactic Correctness of Input in IBM Planning Analytics Local

CWE-1286 — Improper Validation of Syntactic Correctness of Input3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 82.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Planning Analytics Local

Timeline

PublishedSep 30

Description

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/planning_analytics_local2.0.0 — 2.0.106+1

▶NVDibm/planning_analytics_local2.0.0 — 2.0.106+1

🔴Vulnerability Details

CVEList

IBM Planning Analytics Local information disclosure↗2025-09-30

▶

GHSA

GHSA-v2vp-5c9f-vwfc: IBM Planning Analytics Local 2↗2025-09-30

▶