Home/Product/ibm planning analytics local
Product

ibm planning analytics local

30 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-1267
>= 2.1.0 and < 2.1.18
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrat
6.5MEDIUM
 CVE-2025-14806
>= 2.1.0 and < 2.1.18
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving
5.7MEDIUM
 CVE-2025-36437
>= 2.1.0 and < 2.1.16
IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in fur
4.3MEDIUM
 CVE-2025-36357
>= 2.1.0 and < 2.1.15
IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. A
8.0HIGH
 CVE-2025-36299
>= 2.1.0 and < 2.1.15
IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks aga
4.3MEDIUM
 CVE-2025-36262
>= 2.0.0 and <= 2.0.106
IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass th
4.9MEDIUM
 CVE-2025-36132
>= 2.0.0 and <= 2.0.106
IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerabil
5.4MEDIUM
 CVE-2025-33005
all versions
IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to imp
6.3MEDIUM
 CVE-2025-33004
all versions
IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname r
6.5MEDIUM
 CVE-2025-2896
all versions
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to
4.8MEDIUM
 CVE-2025-25044
all versions
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to
5.4MEDIUM
 CVE-2024-35143
>= 2.0 and < 2.0.97
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening
6.7MEDIUM
 CVE-2024-31908
all versions
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed ar
6.4MEDIUM
 CVE-2024-31907
all versions
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary
5.4MEDIUM
 CVE-2024-31889
all versions
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary
5.4MEDIUM
 CVE-2023-28520
all versions
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary
6.4MEDIUM
 CVE-2021-29739
all versions
IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in t
4.9MEDIUM
 CVE-2020-4670
all versions
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the r
9.1CRITICAL
 CVE-2020-4669
all versions
IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the r
9.1CRITICAL
 CVE-2020-4985
all versions
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a que
7.5HIGH
 CVE-2020-4649
<= 2.0.9.2
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not inval
4.3MEDIUM
 CVE-2020-4645
>= 2.0.0 and <= 2.0.9.1
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed
5.4MEDIUM
 CVE-2020-4644
>= 2.0.0 and <= 2.0.9.1
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By p
5.4MEDIUM
 CVE-2020-4503
>= 2.0.0 and < 2.0.9.1
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScr
6.1MEDIUM
 CVE-2020-4431
>= 2.0.0 and < 2.0.9.1
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScr
5.4MEDIUM
 CVE-2020-4367
>= 2.0.0 and < 2.0.9.1
IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly
7.5HIGH
 CVE-2020-4366
>= 2.0.0 and < 2.0.9.1
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScr
6.1MEDIUM
 CVE-2020-4360
>= 2.0.0 and < 2.0.9.1
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScr
5.4MEDIUM
 CVE-2020-4306
>= 2.0.0 and <= 2.0.9
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed a
5.4MEDIUM
 CVE-2018-1676
>= 2.0.0 and <= 2.0.4
IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitra
6.1MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin