IBM Planning Analytics Local vulnerabilities

36 known vulnerabilities affecting ibm/planning_analytics_local.

Total CVEs: 36
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 6, MEDIUM 27

Vulnerabilities

Page 1 of 2
CVE-2026-1267 | MEDIUM | CVSS 6.5 | ≥ 2.1.0, < 2.1.18; ≥ 2.1.0, ≤ 2.1.17 | 2026-03-17
CVE-2026-1267 [MEDIUM] CWE-200: IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls.
cvelistv5, nvd
CVE-2025-14806 | MEDIUM | CVSS 5.7 | ≥ 2.1.0, < 2.1.18; ≥ 2.1.0, ≤ 2.1.17 | 2026-03-17
CVE-2025-14806 [MEDIUM] CWE-524: IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.
cvelistv5, nvd
CVE-2025-36437 | MEDIUM | CVSS 4.3 | ≥ 2.1.0, < 2.1.16 | 2025-12-09
CVE-2025-36437 [MEDIUM] CWE-209: IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system.
nvd
CVE-2025-36357 | HIGH | CVSS 8.0 | ≥ 2.1.0, < 2.1.15 | 2025-11-17
CVE-2025-36357 [HIGH] CWE-36: IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.
nvd
CVE-2025-36299 | MEDIUM | CVSS 4.3 | ≥ 2.1.0, < 2.1.15 | 2025-11-17
CVE-2025-36299 [MEDIUM] CWE-540: IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code that could be used in further attacks against the system.
nvd
CVE-2025-36132 | MEDIUM | CVSS 5.4 | ≥ 2.0.0, ≤ 2.0.106; ≥ 2.1.0, ≤ 2.1.13 | 2025-09-30
CVE-2025-36132 [MEDIUM] CWE-79: IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5, nvd
CVE-2025-36262 | MEDIUM | CVSS 4.9 | ≥ 2.0.0, ≤ 2.0.106; ≥ 2.1.0, ≤ 2.1.13 | 2025-09-30
CVE-2025-36262 [MEDIUM] CWE-1286: IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.
cvelistv5, nvd
CVE-2025-33005 | HIGH | CVSS 8.8 | v2.0.0; v2.1.0; +2 more | 2025-06-01
CVE-2025-33005 [MEDIUM] CWE-613: IBM Planning Analytics Local 2.0 and 2.1 does not invalidate the session after a logout, which could allow an authenticated user to impersonate another user on the system.
cvelistv5, nvd
CVE-2025-2896 | MEDIUM | CVSS 5.4 | v2.0.0; v2.1.0; +2 more | 2025-06-01
CVE-2025-2896 [MEDIUM] CWE-79: IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5, nvd
CVE-2025-33004 | MEDIUM | CVSS 6.5 | v2.0.0; v2.1.0; +2 more | 2025-06-01
CVE-2025-33004 [MEDIUM] CWE-22: IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.
cvelistv5, nvd
CVE-2025-25044 | MEDIUM | CVSS 5.4 | v2.0.0; v2.1.0; +2 more | 2025-06-01
CVE-2025-25044 [MEDIUM] CWE-79: IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
cvelistv5, nvd
CVE-2024-40693 | HIGH | CVSS 8.0 | v2.0, 2.1 | 2025-01-24
CVE-2024-40693 [HIGH] CWE-434: IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and these can be sent to a victim for performing further attacks.
cvelistv5, nvd
CVE-2024-25034 | HIGH | CVSS 8.8 | v2.0, 2.1 | 2025-01-24
CVE-2024-25034 [HIGH] CWE-434: IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks.
cvelistv5, nvd
CVE-2024-35143 | CRITICAL | CVSS 9.1 | ≥ 2.0, < 2.0.97; ≥ 2.1.0, < 2.1.4; +1 more | 2024-08-04
CVE-2024-35143 [MEDIUM] CWE-306: IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.
cvelistv5, nvd
CVE-2024-31907 | MEDIUM | CVSS 5.4 | v2.0.0; v2.1.0; +1 more | 2024-05-31
CVE-2024-31907 [MEDIUM] CWE-79: IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889.
cvelistv5, nvd
CVE-2024-31908 | MEDIUM | CVSS 5.4 | v2.0.0; v2.1.0; +1 more | 2024-05-31
CVE-2024-31908 [MEDIUM] CWE-79: IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890.
cvelistv5, nvd
CVE-2024-31889 | MEDIUM | CVSS 5.4 | v2.0.0; v2.1.0; +1 more | 2024-05-31
CVE-2024-31889 [MEDIUM] CWE-79: IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136.
cvelistv5, nvd
CVE-2023-28520 | MEDIUM | CVSS 5.4 | v2.0.0; v2.0 | 2023-05-12
CVE-2023-28520 [MEDIUM] CWE-79: IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.
cvelistv5, nvd
CVE-2021-29852 | MEDIUM | CVSS 5.4 | v2.0 | 2021-09-01
CVE-2021-29852 [MEDIUM] CWE-79: IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528.
cvelistv5, nvd
CVE-2021-29853 | MEDIUM | CVSS 4.3 | v2.0 | 2021-09-01
CVE-2021-29853 [MEDIUM] CWE-252: IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.
cvelistv5, nvd