216.73.217.172

CVE-2025-36357

· Published 17/11/2025 20:15 · Modified 19/11/2025 13:08

Labels: CVE-2025-36357 2025-11-17CVE-2025-36357CWE-36[email protected]

Essential information

Published
17/11/2025 20:15
Modified
19/11/2025 13:08
Author
Creator
CVSS
8.0 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ibm / planning analytics local cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*
ibm / planning analytics workspace cpe:2.3:a:ibm:planning_analytics_workspace:*:*:*:*:*:*:*:*

References