Skip to main content

Planning Analytics Local

26 CVEs product

Monthly

CVE-2026-1267 MEDIUM PATCH This Month

IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain an improper access control vulnerability (CWE-200) that allows authenticated users to access sensitive application data and administrative functionalities beyond their authorization level. An attacker with valid credentials can leverage this flaw to read confidential planning and analytics data, escalate privileges, or access administrative functions without proper authorization. A vendor patch is available, and this represents a moderate-to-high risk for organizations running affected versions in production environments.

Authentication Bypass IBM Information Disclosure Planning Analytics Local
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14806 MEDIUM PATCH This Month

IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain a cache poisoning vulnerability (CWE-524) where attackers can manipulate the caching mechanism to store and serve sensitive, user-specific responses as publicly cacheable resources, resulting in information disclosure to unauthorized users. The vulnerability requires low attack complexity and user interaction but only affects confidentiality with a CVSS score of 5.7. A patch is available from the vendor, and this represents a moderate-priority issue requiring prompt remediation in production environments handling sensitive analytical data.

Information Disclosure IBM Planning Analytics Local
NVD VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-36357 HIGH This Month

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics Local Planning Analytics Workspace
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-36299 MEDIUM Monitor

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics Local Planning Analytics Workspace
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-36262 MEDIUM This Month

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Planning Analytics Local
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-36132 MEDIUM This Month

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-33005 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

Information Disclosure IBM Planning Analytics Local
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-33004 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

IBM Path Traversal Planning Analytics Local
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-2896 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-25044 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-35143 CRITICAL Act Now

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Planning Analytics Workspace Planning Analytics Local
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-31908 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-31907 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-31889 MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-28520 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-29739 MEDIUM This Month

IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Planning Analytics Local
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-4649 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Planning Analytics Local
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-4645 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4644 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-4503 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-4431 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4367 HIGH PATCH This Week

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Planning Analytics Local
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4366 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4360 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4306 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-1676 MEDIUM PATCH This Month

IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.0
6.1
EPSS
0.9%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain an improper access control vulnerability (CWE-200) that allows authenticated users to access sensitive application data and administrative functionalities beyond their authorization level. An attacker with valid credentials can leverage this flaw to read confidential planning and analytics data, escalate privileges, or access administrative functions without proper authorization. A vendor patch is available, and this represents a moderate-to-high risk for organizations running affected versions in production environments.

Authentication Bypass IBM Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain a cache poisoning vulnerability (CWE-524) where attackers can manipulate the caching mechanism to store and serve sensitive, user-specific responses as publicly cacheable resources, resulting in information disclosure to unauthorized users. The vulnerability requires low attack complexity and user interaction but only affects confidentiality with a CVSS score of 5.7. A patch is available from the vendor, and this represents a moderate-priority issue requiring prompt remediation in production environments handling sensitive analytical data.

Information Disclosure IBM Planning Analytics Local
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Month

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics Local +1
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics Local +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Planning Analytics Local
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

Information Disclosure IBM Planning Analytics Local
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

IBM Path Traversal Planning Analytics Local
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Planning Analytics Local
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Planning Analytics Local
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Planning Analytics Workspace +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Planning Analytics Local
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Planning Analytics Local
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Planning Analytics Local
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Planning Analytics Local
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy