CVE-2025-36357

Summary

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.

Affected Software

VendorProductVersion RangeStatus
IBMIBM Planning Analytics Local2.1.0 <= 2.1.14affected

Weaknesses

  • CWE-36: CWE-36

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References