Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources.
AnalysisAI
IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain a cache poisoning vulnerability (CWE-524) where attackers can manipulate the caching mechanism to store and serve sensitive, user-specific responses as publicly cacheable resources, resulting in information disclosure to unauthorized users. The vulnerability requires low attack complexity and user interaction but only affects confidentiality with a CVSS score of 5.7. A patch is available from the vendor, and this represents a moderate-priority issue requiring prompt remediation in production environments handling sensitive analytical data.
Technical ContextAI
This vulnerability stems from improper cache control implementation in IBM Planning Analytics Local (confirmed via CPE cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*), classified under CWE-524 (Uncontrolled Write to File with Dangerous File Extensions). The root cause involves the HTTP caching mechanism failing to properly mark user-specific responses as non-cacheable, allowing responses containing sensitive planning, analytical, or user-profile data to be stored in shared caches (browser, intermediary, or CDN proxies). Attackers exploit this by crafting requests that generate user-specific responses, which the cache then incorrectly treats as public content. This is a cache poisoning attack that violates HTTP Cache-Control semantics and authentication boundaries.
RemediationAI
Upgrade IBM Planning Analytics Local to version 2.1.18 or later as soon as operationally feasible; patch downloads and detailed instructions are available in the IBM security advisory at https://www.ibm.com/support/pages/node/7263581. As an interim compensating control, enforce strict HTTP Cache-Control headers (Cache-Control: private, no-store) at the reverse proxy or application gateway level for all Planning Analytics Local endpoints, implement HTTPS with HSTS (Strict-Transport-Security) to prevent downgrade attacks, and restrict network access to Planning Analytics to internal networks or VPN-connected users only. Disable shared caching proxies for Planning Analytics traffic if feasible, or configure them to respect all private/no-store directives. Monitor web server and proxy logs for suspicious cache access patterns (repeated requests from different sources for user-specific URLs) and consider implementing content security policies to limit cache visibility.
More in Planning Analytics Local
View allIBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. Rated critical severity (CVSS 9.1), this vulnerab
IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decr
IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper
IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain an improper access control vulnerability (CWE-200) th
IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated u
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerabi
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerabi
IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticat
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4),
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this v
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this v
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208810