IBM Planning Analytics Local
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Planning Analytics Local.
By the Year
In 2025 there have been 4 vulnerabilities in IBM Planning Analytics Local with an average score of 6.5 out of ten. Last year, in 2024 Planning Analytics Local had 4 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Planning Analytics Local in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.20.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 4 | 6.53 |
2024 | 4 | 6.33 |
2023 | 1 | 5.40 |
2022 | 0 | 0.00 |
2021 | 4 | 7.65 |
2020 | 9 | 5.67 |
2019 | 0 | 0.00 |
2018 | 1 | 6.10 |
It may take a day or so for new Planning Analytics Local vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Planning Analytics Local Security Vulnerabilities
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting
CVE-2025-25044
5.4 - Medium
- June 01, 2025
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting
CVE-2025-2896
5.4 - Medium
- June 01, 2025
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM Planning Analytics Local 2.0 and 2.1 could
CVE-2025-33004
6.5 - Medium
- June 01, 2025
IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.
Directory traversal
IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could
CVE-2025-33005
8.8 - High
- June 01, 2025
IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
Insufficient Session Expiration
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server
CVE-2024-35143
9.1 - Critical
- August 04, 2024
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.
Missing Authentication for Critical Function
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting
CVE-2024-31889
5.4 - Medium
- May 31, 2024
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136.
XSS
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting
CVE-2024-31907
5.4 - Medium
- May 31, 2024
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889.
XSS
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting
CVE-2024-31908
5.4 - Medium
- May 31, 2024
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890.
XSS
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting
CVE-2023-28520
5.4 - Medium
- May 12, 2023
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.
XSS
IBM Planning Analytics Local 2.0 could
CVE-2021-29739
4.9 - Medium
- August 10, 2021
IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846.
Unchecked Return Value
IBM Planning Analytics Local 2.0 connects to a Redis server
CVE-2020-4670
9.1 - Critical
- May 17, 2021
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.
authentification
IBM Planning Analytics Local 2.0 connects to a MongoDB server
CVE-2020-4669
9.1 - Critical
- May 17, 2021
IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600.
AuthZ
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query
CVE-2020-4985
7.5 - High
- May 14, 2021
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.
Information Disclosure
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions
CVE-2020-4649
4.3 - Medium
- November 03, 2020
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.
Information Disclosure
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting
CVE-2020-4645
5.4 - Medium
- July 29, 2020
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717.
XSS
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim
CVE-2020-4644
5.4 - Medium
- July 29, 2020
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716.
Improper Input Validation
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting
CVE-2020-4503
6.1 - Medium
- June 02, 2020
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283.
XSS
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting
CVE-2020-4431
5.4 - Medium
- June 02, 2020
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 180761.
XSS
IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms
CVE-2020-4367
7.5 - High
- June 02, 2020
IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001.
Use of a Broken or Risky Cryptographic Algorithm
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting
CVE-2020-4366
6.1 - Medium
- June 02, 2020
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178965.
XSS
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting
CVE-2020-4360
5.4 - Medium
- June 02, 2020
IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178765.
XSS
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting
CVE-2020-4306
5.4 - Medium
- May 29, 2020
IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735.
XSS
IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting
CVE-2018-1676
6.1 - Medium
- July 06, 2018
IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Planning Analytics Local or by IBM? Click the Watch button to subscribe.
