Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-36357

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.

Published

2025-11-17T20:15:51.490

Last Modified

2025-11-19T13:08:26.897

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.0 (HIGH)

Weaknesses

Type: Secondary
CWE-36

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	planning_analytics_local	< 2.1.15	Yes
Application	ibm	planning_analytics_workspace	< 2.1.15	Yes

References

https://www.ibm.com/support/pages/node/7251265 Vendor Advisory ([email protected])