IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
Fixes

Solution

It is strongly recommended that you apply the most recent security updates: IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1 IBM Planning Analytics Local 2.1.11 is now available for download from Fix Central IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 104 from Fix Central


Workaround

No workaround given by the vendor.

History

Mon, 02 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 01 Jun 2025 11:45:00 +0000

Type Values Removed Values Added
Description IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
Title IBM Planning Analytics Local session fixation
First Time appeared Ibm
Ibm planning Analytics Local
Weaknesses CWE-613
CPEs cpe:2.3:a:ibm:planning_analytics_local:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics_local:2.1.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm planning Analytics Local
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-08-26T14:53:31.308Z

Reserved: 2025-04-15T09:48:49.853Z

Link: CVE-2025-33005

cve-icon Vulnrichment

Updated: 2025-06-02T03:19:43.013Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-01T12:15:25.807

Modified: 2025-06-09T18:07:39.407

Link: CVE-2025-33005

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.