CVE-2025-36262

IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7246602	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:planning_analytics_local::::::::
	cpe:2.3:a:ibm:planning_analytics_local::::::::

History

17 Jun 2026, 09:14

Type	Values Removed	Values Added
Summary		(es) IBM Planning Analytics Local 2.0.0 hasta 2.0.106 y 2.1.0 hasta 2.1.13 podría permitir a un usuario privilegiado malicioso eludir la interfaz de usuario para obtener acceso no autorizado a información sensible debido a la validación incorrecta de la entrada.

03 Oct 2025, 17:52

Type	Values Removed	Values Added
First Time		Ibm Ibm planning Analytics Local
References	~~() https://www.ibm.com/support/pages/node/7246602 -~~	() https://www.ibm.com/support/pages/node/7246602 - Vendor Advisory
CPE		cpe:2.3:a:ibm:planning_analytics_local::::::::

30 Sep 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-30 20:15

Updated : 2026-06-17 09:14

NVD link : CVE-2025-36262

Mitre link : CVE-2025-36262

CVE.ORG link : CVE-2025-36262

JSON object : View

Products Affected

ibm

planning_analytics_local

CWE

CWE-1286

Improper Validation of Syntactic Correctness of Input

{"id": "CVE-2025-36262", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-36262", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-30T20:40:37.300118Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "affected": [{"source": "psirt@us.ibm.com", "affectedData": [{"cpes": ["cpe:2.3:a:ibm:planning_analytics_local:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:planning_analytics_local:2.0.106:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:planning_analytics_local:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:planning_analytics_local:2.1.13:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Planning Analytics Local", "versions": [{"status": "affected", "version": "2.0.0", "versionType": "semver", "lessThanOrEqual": "2.0.106"}, {"status": "affected", "version": "2.1.0", "versionType": "semver", "lessThanOrEqual": "2.1.13"}], "defaultStatus": "unaffected"}]}], "published": "2025-09-30T20:15:37.993", "references": [{"url": "https://www.ibm.com/support/pages/node/7246602", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-1286"}]}], "descriptions": [{"lang": "en", "value": "IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 \n\ncould allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input."}, {"lang": "es", "value": "IBM Planning Analytics Local 2.0.0 hasta 2.0.106 y 2.1.0 hasta 2.1.13 podr\u00eda permitir a un usuario privilegiado malicioso eludir la interfaz de usuario para obtener acceso no autorizado a informaci\u00f3n sensible debido a la validaci\u00f3n incorrecta de la entrada."}], "lastModified": "2026-06-17T09:14:38.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60F78712-03BE-4B6E-9736-0CD2FD17916B", "versionEndIncluding": "2.0.106", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "384A770A-4584-4E9E-8394-97555E9AAD86", "versionEndIncluding": "2.1.13", "versionStartIncluding": "2.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}