CVE-2025-36357
published 2025-11-17CVE-2025-36357: IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a…
high8CVSS 3.1
AVNACLPRLUIRSUCHIHAH
IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | ibm_planning_analytics_local | 2.1.0 – 2.1.14 | — |
| ibm | planning_analytics_local | >= 2.1.0 < 2.1.15 | 2.1.15 |
| ibm | planning_analytics_workspace | >= 2.1.0 < 2.1.15 | 2.1.15 |