Ibm: >> Planning Analytics Local Security Vulnerabilities
IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-17
IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.
CVSS Score
8.0
EPSS Score
0.0
Published
2025-11-17
IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-30
IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13
could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.
CVSS Score
4.9
EPSS Score
0.001
Published
2025-09-30
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-06-01
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-06-01
IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-06-01
IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-06-01
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.
CVSS Score
6.7
EPSS Score
0.001
Published
2024-08-04
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-05-31
Page 1