CVE-2025-36437 - Vulnerability Details - OpenCVE

IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ibm Subscribe	Planning Analytics Local Subscribe

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Affected Product(s)VersionFixIBM Planning Analytics Local - IBM Planning Analytics Workspace2.1.0 - 2.1.15 IBM Planning Analytics Local 2.1.16 is now available for download from Fix Central https://www.ibm.com/support/pages/node/7251243

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.ibm.com/support/pages/node/7253603

History

Wed, 10 Dec 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 09 Dec 2025 22:15:00 +0000

Type	Values Removed	Values Added
Description		IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system.
Title		IBM Planning Analytics Local is vulnerable to disclosing sensitive information
First Time appeared		Ibm Ibm planning Analytics Local
Weaknesses		CWE-209
CPEs		cpe:2.3:a:ibm:planning_analytics_local:2.0.0:::::::* cpe:2.3:a:ibm:planning_analytics_local:2.1.15:::::::*
Vendors & Products		Ibm Ibm planning Analytics Local
References		https://www.ibm.com/support/pages/node/7253603
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-12-09T22:04:14.831Z

Updated: 2025-12-10T16:50:35.621Z

Reserved: 2025-04-15T21:17:03.969Z

Link: CVE-2025-36437

Vulnrichment

Updated: 2025-12-10T16:14:13.621Z

NVD

Status : Received

Published: 2025-12-09T22:16:10.070

Modified: 2025-12-09T22:16:10.070

Link: CVE-2025-36437

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-209

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-36437", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:17:03.969Z", "datePublished": "2025-12-09T22:04:14.831Z", "dateUpdated": "2025-12-10T16:50:35.621Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:planning_analytics_local:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:planning_analytics_local:2.1.15:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "IBM Planning Analytics Local", "vendor": "IBM", "versions": [{"lessThanOrEqual": "2.1.15", "status": "affected", "version": "2.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM Planning Analytics Local <span style=\"background-color: rgb(255, 255, 255);\">2.1.0 - <span style=\"background-color: rgb(255, 255, 255);\">2.1.15</span></span> could disclose sensitive information about server architecture that could aid in further attacks against the system.</span><br>"}], "value": "IBM Planning Analytics Local\u00a02.1.0 -\u00a02.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-12-09T22:04:14.831Z"}, "references": [{"tags": ["patch", "vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7253603"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><tbody><tr><td>Affected Product(s)</td><td>Version</td><td>Fix</td></tr><tr><td>IBM Planning Analytics Local - IBM Planning Analytics Workspace</td><td>2.1.0 - 2.1.15</td><td><span style=\"background-color: rgb(255, 255, 255);\"><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7251243\">IBM Planning Analytics Local 2.1.16 is now available for download from Fix Central</a></span></td></tr></tbody></table><br>"}], "value": "Affected Product(s)VersionFixIBM Planning Analytics Local - IBM Planning Analytics Workspace2.1.0 - 2.1.15 IBM Planning Analytics Local 2.1.16 is now available for download from Fix Central https://www.ibm.com/support/pages/node/7251243"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Planning Analytics Local is vulnerable to disclosing sensitive information", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-10T16:14:10.940299Z", "id": "CVE-2025-36437", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-10T16:50:35.621Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36437", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-10T16:14:10.940299Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-10T16:14:13.621Z"}}], "cna": {"title": "IBM Planning Analytics Local is vulnerable to disclosing sensitive information", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:planning_analytics_local:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:planning_analytics_local:2.1.15:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "IBM Planning Analytics Local", "versions": [{"status": "affected", "version": "2.1.0", "versionType": "semver", "lessThanOrEqual": "2.1.15"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Affected Product(s)VersionFixIBM Planning Analytics Local - IBM Planning Analytics Workspace2.1.0 - 2.1.15 IBM Planning Analytics Local 2.1.16 is now available for download from Fix Central https://www.ibm.com/support/pages/node/7251243", "supportingMedia": [{"type": "text/html", "value": "<table><tbody><tr><td>Affected Product(s)</td><td>Version</td><td>Fix</td></tr><tr><td>IBM Planning Analytics Local - IBM Planning Analytics Workspace</td><td>2.1.0 - 2.1.15</td><td><span style=\"background-color: rgb(255, 255, 255);\"><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7251243\">IBM Planning Analytics Local 2.1.16 is now available for download from Fix Central</a></span></td></tr></tbody></table><br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7253603", "tags": ["patch", "vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "IBM Planning Analytics Local\u00a02.1.0 -\u00a02.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">IBM Planning Analytics Local <span style=\"background-color: rgb(255, 255, 255);\">2.1.0 - <span style=\"background-color: rgb(255, 255, 255);\">2.1.15</span></span> could disclose sensitive information about server architecture that could aid in further attacks against the system.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-12-09T22:04:14.831Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36437", "state": "PUBLISHED", "dateUpdated": "2025-12-10T16:50:35.621Z", "dateReserved": "2025-04-15T21:17:03.969Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-12-09T22:04:14.831Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}