CVE-2025-36357

CWE-363 documents3 sources

Severity

8.0HIGH

EPSS

0.0%

top 86.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Planning Analytics Local IBM Planning Analytics Workspace IBM IBM Planning Analytics Local

Timeline

PublishedNov 17

Description

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages3 packages

▶NVDibm/planning_analytics_local2.1.0 — 2.1.15

▶CVEListV5ibm/ibm_planning_analytics_local2.1.0 — 2.1.14

▶NVDibm/planning_analytics_workspace2.1.0 — 2.1.15

🔴Vulnerability Details

CVEList

IBM Planning Analytics Local Directory Traversal↗2025-11-17

▶

GHSA

GHSA-6cc2-6px5-rx9p: IBM Planning Analytics Local 2↗2025-11-17

▶