CVE-2025-36299Inclusion of Sensitive Information in Source Code in IBM Planning Analytics Local

CWE-540Inclusion of Sensitive Information in Source Code3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 92.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Planning Analytics LocalIBM Planning Analytics WorkspaceIBM Planning Analytics Local
Timeline
PublishedNov 17

Description

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDibm/planning_analytics_local2.1.02.1.15
CVEListV5ibm/ibm_planning_analytics_local2.1.02.1.14
NVDibm/planning_analytics_workspace2.1.02.1.15

🔴Vulnerability Details

2
GHSA
GHSA-hcpv-g7w6-qf97: IBM Planning Analytics Local 22025-11-17
CVEList
IBM Planning Analytics Information Disclosure2025-11-17
CVE-2025-36299 — IBM vulnerability | cvebase