CVE-2025-36262

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 

could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
ibmCNA
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
ibmplanning_analytics_local
2.0.0 ≤
𝑥
≤ 2.0.106
ibmplanning_analytics_local
2.1.0 ≤
𝑥
≤ 2.1.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7246602