IBM Planning Analytics Local

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in IBM Planning Analytics Local.

By the Year

In 2025 there have been 4 vulnerabilities in IBM Planning Analytics Local with an average score of 6.5 out of ten. Last year, in 2024 Planning Analytics Local had 4 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Planning Analytics Local in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.20.

Year	Vulnerabilities	Average Score
2025	4	6.53
2024	4	6.33
2023	1	5.40
2022	0	0.00
2021	4	7.65
2020	9	5.67
2019	0	0.00
2018	1	6.10

It may take a day or so for new Planning Analytics Local vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent IBM Planning Analytics Local Security Vulnerabilities

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting

CVE-2025-25044 5.4 - Medium - June 01, 2025

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting

CVE-2025-2896 5.4 - Medium - June 01, 2025

XSS

IBM Planning Analytics Local 2.0 and 2.1 could

CVE-2025-33004 6.5 - Medium - June 01, 2025

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

Directory traversal

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could

CVE-2025-33005 8.8 - High - June 01, 2025

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

Insufficient Session Expiration

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server

CVE-2024-35143 9.1 - Critical - August 04, 2024

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 292420.

Missing Authentication for Critical Function

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting

CVE-2024-31889 5.4 - Medium - May 31, 2024

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136.

XSS

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting

CVE-2024-31907 5.4 - Medium - May 31, 2024

XSS

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting

CVE-2024-31908 5.4 - Medium - May 31, 2024

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890.

XSS

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting

CVE-2023-28520 5.4 - Medium - May 12, 2023

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.

XSS

IBM Planning Analytics Local 2.0 could

CVE-2021-29739 4.9 - Medium - August 10, 2021

IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846.

Unchecked Return Value

IBM Planning Analytics Local 2.0 connects to a Redis server

CVE-2020-4670 9.1 - Critical - May 17, 2021

IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server. IBM X-Force ID: 186401.

authentification

IBM Planning Analytics Local 2.0 connects to a MongoDB server

CVE-2020-4669 9.1 - Critical - May 17, 2021

IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM X-Force ID: 184600.

AuthZ

IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query

CVE-2020-4985 7.5 - High - May 14, 2021

IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.

Information Disclosure

IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions

CVE-2020-4649 4.3 - Medium - November 03, 2020

IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.

Information Disclosure

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting

CVE-2020-4645 5.4 - Medium - July 29, 2020

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717.

XSS

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim

CVE-2020-4644 5.4 - Medium - July 29, 2020

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716.

Improper Input Validation

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting

CVE-2020-4503 6.1 - Medium - June 02, 2020

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182283.

XSS

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting

CVE-2020-4431 5.4 - Medium - June 02, 2020

XSS

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms

CVE-2020-4367 7.5 - High - June 02, 2020

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179001.

Use of a Broken or Risky Cryptographic Algorithm

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting

CVE-2020-4366 6.1 - Medium - June 02, 2020

XSS

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting

CVE-2020-4360 5.4 - Medium - June 02, 2020

XSS

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting

CVE-2020-4306 5.4 - Medium - May 29, 2020

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176735.

XSS

IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting

CVE-2018-1676 6.1 - Medium - July 06, 2018

IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for IBM Planning Analytics Local or by IBM? Click the Watch button to subscribe.

IBM
Vendor

IBM Planning Analytics Local
Product

IBM Planning Analytics Local

Don't miss out!

By the Year

Recent IBM Planning Analytics Local Security Vulnerabilities

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting CVE-2025-25044 5.4 - Medium - June 01, 2025

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting CVE-2025-2896 5.4 - Medium - June 01, 2025

IBM Planning Analytics Local 2.0 and 2.1 could CVE-2025-33004 6.5 - Medium - June 01, 2025

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could CVE-2025-33005 8.8 - High - June 01, 2025

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server CVE-2024-35143 9.1 - Critical - August 04, 2024

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting CVE-2024-31889 5.4 - Medium - May 31, 2024

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting CVE-2024-31907 5.4 - Medium - May 31, 2024

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting CVE-2024-31908 5.4 - Medium - May 31, 2024

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting CVE-2023-28520 5.4 - Medium - May 12, 2023

IBM Planning Analytics Local 2.0 could CVE-2021-29739 4.9 - Medium - August 10, 2021

IBM Planning Analytics Local 2.0 connects to a Redis server CVE-2020-4670 9.1 - Critical - May 17, 2021

IBM Planning Analytics Local 2.0 connects to a MongoDB server CVE-2020-4669 9.1 - Critical - May 17, 2021

IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query CVE-2020-4985 7.5 - High - May 14, 2021

IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions CVE-2020-4649 4.3 - Medium - November 03, 2020

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting CVE-2020-4645 5.4 - Medium - July 29, 2020

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim CVE-2020-4644 5.4 - Medium - July 29, 2020

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting CVE-2020-4503 6.1 - Medium - June 02, 2020

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting CVE-2020-4431 5.4 - Medium - June 02, 2020

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms CVE-2020-4367 7.5 - High - June 02, 2020

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting CVE-2020-4366 6.1 - Medium - June 02, 2020

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting CVE-2020-4360 5.4 - Medium - June 02, 2020

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting CVE-2020-4306 5.4 - Medium - May 29, 2020

IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting CVE-2018-1676 6.1 - Medium - July 06, 2018