Ibm

Planning Analytics Local

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2025-36262

  • EPSS 0.08%
  • Veröffentlicht 30.09.2025 20:15:37
  • Zuletzt bearbeitet 03.10.2025 17:52:19

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.

5.4

CVE-2025-36132

  • EPSS 0.03%
  • Veröffentlicht 30.09.2025 20:15:37
  • Zuletzt bearbeitet 03.10.2025 17:52:05

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali...

8.8

CVE-2025-33005

  • EPSS 0.08%
  • Veröffentlicht 01.06.2025 11:39:06
  • Zuletzt bearbeitet 09.06.2025 18:07:39

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

6.5

CVE-2025-33004

  • EPSS 0.25%
  • Veröffentlicht 01.06.2025 11:37:51
  • Zuletzt bearbeitet 09.06.2025 18:08:21

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

5.4

CVE-2025-2896

  • EPSS 0.05%
  • Veröffentlicht 01.06.2025 11:36:20
  • Zuletzt bearbeitet 09.06.2025 18:08:36

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

5.4

CVE-2025-25044

  • EPSS 0.05%
  • Veröffentlicht 01.06.2025 11:35:22
  • Zuletzt bearbeitet 09.06.2025 18:08:44

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

9.1

CVE-2024-35143

  • EPSS 0.06%
  • Veröffentlicht 04.08.2024 13:15:57
  • Zuletzt bearbeitet 11.09.2024 14:34:13

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gai...

5.4

CVE-2024-31908

  • EPSS 0.15%
  • Veröffentlicht 31.05.2024 13:15:09
  • Zuletzt bearbeitet 08.01.2025 17:02:59

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo...

5.4

CVE-2024-31907

  • EPSS 0.15%
  • Veröffentlicht 31.05.2024 13:15:09
  • Zuletzt bearbeitet 08.01.2025 17:06:40

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wi...

5.4

CVE-2024-31889

  • EPSS 0.15%
  • Veröffentlicht 31.05.2024 13:15:09
  • Zuletzt bearbeitet 08.01.2025 17:10:40

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wi...