CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Description
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.
Analysis
IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain a cache poisoning vulnerability (CWE-524) where attackers can manipulate the caching mechanism to store and serve sensitive, user-specific responses as publicly cacheable resources, resulting in information disclosure to unauthorized users. The vulnerability requires low attack complexity and user interaction but only affects confidentiality with a CVSS score of 5.7. A patch is available from the vendor, and this represents a moderate-priority issue requiring prompt remediation in production environments handling sensitive analytical data.
Technical Context
This vulnerability stems from improper cache control implementation in IBM Planning Analytics Local (confirmed via CPE cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*), classified under CWE-524 (Uncontrolled Write to File with Dangerous File Extensions). The root cause involves the HTTP caching mechanism failing to properly mark user-specific responses as non-cacheable, allowing responses containing sensitive planning, analytical, or user-profile data to be stored in shared caches (browser, intermediary, or CDN proxies). Attackers exploit this by crafting requests that generate user-specific responses, which the cache then incorrectly treats as public content. This is a cache poisoning attack that violates HTTP Cache-Control semantics and authentication boundaries.
Affected Products
IBM Planning Analytics Local versions 2.1.0 through and including 2.1.17 are affected, as confirmed by the EUVD database (EUVD-2025-208810) and CPE specification cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*. The vulnerability does not affect earlier major versions (e.g., 2.0.x) or Planning Analytics cloud variants. Organizations running any intermediate version within the 2.1.0-2.1.17 range are in scope. IBM has published a security advisory available at https://www.ibm.com/support/pages/node/7263581 with patch details and affected version confirmation.
Remediation
Upgrade IBM Planning Analytics Local to version 2.1.18 or later as soon as operationally feasible; patch downloads and detailed instructions are available in the IBM security advisory at https://www.ibm.com/support/pages/node/7263581. As an interim compensating control, enforce strict HTTP Cache-Control headers (Cache-Control: private, no-store) at the reverse proxy or application gateway level for all Planning Analytics Local endpoints, implement HTTPS with HSTS (Strict-Transport-Security) to prevent downgrade attacks, and restrict network access to Planning Analytics to internal networks or VPN-connected users only. Disable shared caching proxies for Planning Analytics traffic if feasible, or configure them to respect all private/no-store directives. Monitor web server and proxy logs for suspicious cache access patterns (repeated requests from different sources for user-specific URLs) and consider implementing content security policies to limit cache visibility.
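A small checker for validating the interim Cache-Control control above, written as an added example (not code from the advisory or from IBM); all header values are constructed, and the function names are assumptions. It applies the shared-cache storability rules that matter here: `no-store`/`private` forbid storage, a response to a request carrying `Authorization` is storable only with an explicit opt-in, and a cookie-authenticated response gets no such protection unless the origin says `private` or `no-store`.

```python
from typing import Dict, Optional

# RFC 9111 s3.5: directives that let a shared cache store an Authorization-bound response.
SHARED_CACHE_OPT_IN = {"public", "s-maxage", "must-revalidate"}


def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """Parse 'max-age=600, private' into {'max-age': '600', 'private': None}."""
    directives: Dict[str, Optional[str]] = {}
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if arg else None
    return directives


def is_user_specific(request_headers: Dict[str, str]) -> bool:
    """Treat any request carrying credentials as producing a user-specific response."""
    keys = {k.lower() for k in request_headers}
    return "authorization" in keys or "cookie" in keys


def shared_cache_may_store(request_headers: Dict[str, str], response_headers: Dict[str, str]) -> bool:
    """True if a proxy/CDN cache is permitted to store this response."""
    hdrs = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(hdrs.get("cache-control", ""))
    if "no-store" in cc or "private" in cc:
        return False
    if "authorization" in {k.lower() for k in request_headers}:
        # Storable only when the origin explicitly opted in.
        return bool(SHARED_CACHE_OPT_IN & cc.keys())
    # Cookie-authenticated responses carry no implicit protection: storable unless marked otherwise.
    return True


def assess(request_headers: Dict[str, str], response_headers: Dict[str, str]) -> str:
    """Flag the misconfiguration this advisory describes: a private response a shared cache may keep."""
    if is_user_specific(request_headers) and shared_cache_may_store(request_headers, response_headers):
        return "RISK: user-specific response storable by a shared cache"
    return "OK"


if __name__ == "__main__":
    # Constructed samples: a cookie session hitting an endpoint before and after the gateway fix.
    req = {"Cookie": "session=constructed-example"}
    print(assess(req, {"Cache-Control": "max-age=600"}))          # RISK
    print(assess(req, {"Cache-Control": "private, no-store"}))    # OK
```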