Ibm Planning Analytics Local — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Planning Analytics Local, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (30)
CVE-2020-4670 — CVSS 9.1 (critical): IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote…
CVE-2020-4669 — CVSS 9.1 (critical): IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote…
CVE-2025-36357 — CVSS 8.0 (high): IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An…
CVE-2020-4367 — CVSS 7.5 (high): IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2020-4985 — CVSS 7.5 (high): IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM…
CVE-2024-35143 — CVSS 6.7 (medium): IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the…
CVE-2026-1267 — CVSS 6.5 (medium): IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative…
CVE-2025-33004 — CVSS 6.5 (medium): IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname…
CVE-2024-31908 — CVSS 6.4 (medium): IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2023-28520 — CVSS 6.4 (medium): IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2025-33005 — CVSS 6.3 (medium): IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate…
CVE-2018-1676 — CVSS 6.1 (medium): IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2020-4366 — CVSS 6.1 (medium): IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2020-4503 — CVSS 6.1 (medium): IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2025-14806 — CVSS 5.7 (medium): IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving…
CVE-2024-31889 — CVSS 5.4 (medium): IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2024-31907 — CVSS 5.4 (medium): IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2020-4645 — CVSS 5.4 (medium): IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2020-4306 — CVSS 5.4 (medium): IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2025-25044 — CVSS 5.4 (medium): IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed…
CVE-2020-4644 — CVSS 5.4 (medium): IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading…
CVE-2020-4431 — CVSS 5.4 (medium): IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2025-36132 — CVSS 5.4 (medium): IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability…
CVE-2020-4360 — CVSS 5.4 (medium): IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2025-36262 — CVSS 4.9 (medium): IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to…
CVE-2021-29739 — CVSS 4.9 (medium): IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the…
CVE-2025-2896 — CVSS 4.8 (medium): IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed…
CVE-2025-36437 — CVSS 4.3 (medium): IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further…
CVE-2020-4649 — CVSS 4.3 (medium): IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating…
CVE-2025-36299 — CVSS 4.3 (medium): IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the…