Ibm Planning Analytics Local
31 CVEs affecting Ibm Planning Analytics Local. Latest disclosed: 2026-03-17. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-40693 | High | 8.0 | 2025-01-24 | IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attack… |
CVE-2024-25034 | High | 8.0 | 2025-01-24 | IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers ca… |
CVE-2020-4670 | High | 7.4 | 2021-05-17 | IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected b… |
CVE-2020-4669 | High | 7.4 | 2021-05-17 | IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configu… |
CVE-2024-35143 | Medium | 6.7 | 2024-08-04 | IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is… |
CVE-2026-1267 | Medium | 6.5 | 2026-03-17 | IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to la… |
CVE-2025-33004 | Medium | 6.5 | 2025-06-01 | IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction. |
CVE-2024-31908 | Medium | 6.4 | 2024-05-31 | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in th… |
CVE-2023-28520 | Medium | 6.4 | 2023-05-12 | IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI… |
CVE-2025-33005 | Medium | 6.3 | 2025-06-01 | IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the… |
CVE-2020-4503 | Medium | 6.1 | 2020-06-02 | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus a… |
CVE-2020-4366 | Medium | 6.1 | 2020-06-02 | IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus a… |
CVE-2019-4134 | Medium | 6.1 | 2019-07-02 | IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alterin… |
CVE-2018-1676 | Medium | 6.1 | 2018-07-06 | IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web… |
CVE-2020-4367 | Medium | 5.9 | 2020-06-02 | IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X… |
CVE-2025-14806 | Medium | 5.7 | 2026-03-17 | IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific resp… |
CVE-2025-36132 | Medium | 5.4 | 2025-09-30 | IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated u… |
CVE-2025-25044 | Medium | 5.4 | 2025-06-01 | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript c… |
CVE-2024-31907 | Medium | 5.4 | 2024-05-31 | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web U… |
CVE-2024-31889 | Medium | 5.4 | 2024-05-31 | IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web U… |