VYPR

Planning Analytics Local

by IBM

CVEs (62)

  • CVE-2020-4953MedFeb 23, 2021
    risk 0.28cvss 4.3epss 0.01

    IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029.

  • CVE-2020-4649MedNov 3, 2020
    risk 0.28cvss 4.3epss 0.01

    IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.

  • CVE-2020-4361MedJul 20, 2020
    risk 0.28cvss 4.3epss 0.01

    IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766.

  • CVE-2022-22314LowSep 8, 2022
    risk 0.21cvss 3.3epss 0.00

    IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371.

  • CVE-2026-1267Mar 17, 2026
    risk 0.00cvss epss 0.00

    IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls.

  • CVE-2025-14806Mar 17, 2026
    risk 0.00cvss epss 0.00

    IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.

  • CVE-2025-36437Dec 9, 2025
    risk 0.00cvss epss 0.00

    IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system.

  • CVE-2025-36299Nov 17, 2025
    risk 0.00cvss epss 0.00

    IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system.

  • CVE-2025-36357Nov 17, 2025
    risk 0.00cvss epss 0.01

    IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.

  • CVE-2025-36262Sep 30, 2025
    risk 0.00cvss epss 0.00

    IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.

  • CVE-2025-36132Sep 30, 2025
    risk 0.00cvss epss 0.00

    IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2025-33005Jun 1, 2025
    risk 0.00cvss epss 0.00

    IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

  • CVE-2025-33004Jun 1, 2025
    risk 0.00cvss epss 0.00

    IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

  • CVE-2025-2896Jun 1, 2025
    risk 0.00cvss epss 0.00

    IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…

  • CVE-2025-25044Jun 1, 2025
    risk 0.00cvss epss 0.00

    IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…

  • CVE-2024-40693Jan 24, 2025
    risk 0.00cvss epss 0.00

    IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim…

  • CVE-2024-25034Jan 24, 2025
    risk 0.00cvss epss 0.00

    IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for…

  • CVE-2024-35143Aug 4, 2024
    risk 0.00cvss epss 0.00

    IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the…

  • CVE-2024-25053Jun 28, 2024
    risk 0.00cvss epss 0.00

    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the…

  • CVE-2024-31907May 31, 2024
    risk 0.00cvss epss 0.00

    IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…