Ibm

Planning Analytics Local

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-36437

  • EPSS 0.03%
  • Veröffentlicht 09.12.2025 22:16:10
  • Zuletzt bearbeitet 12.12.2025 15:19:07

IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system.

8

CVE-2025-36357

  • EPSS 0.02%
  • Veröffentlicht 17.11.2025 20:15:51
  • Zuletzt bearbeitet 19.11.2025 13:08:26

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitra...

4.3

CVE-2025-36299

  • EPSS 0.03%
  • Veröffentlicht 17.11.2025 20:15:51
  • Zuletzt bearbeitet 19.11.2025 13:08:37

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system.

4.9

CVE-2025-36262

  • EPSS 0.07%
  • Veröffentlicht 30.09.2025 20:15:37
  • Zuletzt bearbeitet 03.10.2025 17:52:19

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.

5.4

CVE-2025-36132

  • EPSS 0.04%
  • Veröffentlicht 30.09.2025 20:15:37
  • Zuletzt bearbeitet 03.10.2025 17:52:05

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali...

8.8

CVE-2025-33005

  • EPSS 0.04%
  • Veröffentlicht 01.06.2025 11:39:06
  • Zuletzt bearbeitet 09.06.2025 18:07:39

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

6.5

CVE-2025-33004

  • EPSS 0.14%
  • Veröffentlicht 01.06.2025 11:37:51
  • Zuletzt bearbeitet 09.06.2025 18:08:21

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

5.4

CVE-2025-2896

  • EPSS 0.02%
  • Veröffentlicht 01.06.2025 11:36:20
  • Zuletzt bearbeitet 09.06.2025 18:08:36

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

5.4

CVE-2025-25044

  • EPSS 0.02%
  • Veröffentlicht 01.06.2025 11:35:22
  • Zuletzt bearbeitet 09.06.2025 18:08:44

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

9.1

CVE-2024-35143

  • EPSS 0.06%
  • Veröffentlicht 04.08.2024 13:15:57
  • Zuletzt bearbeitet 11.09.2024 14:34:13

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gai...