Description
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls.
Published: 2026-03-17
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

IBM Planning Analytics Local versions 2.1.0 through 2.1.17 lack proper access controls, allowing unauthorized users to retrieve sensitive application data and perform administrative functions. The flaw meets CWE‑200 and could expose confidential information and configuration details to attackers.

Affected Systems

The affected product is IBM Planning Analytics Local on Windows. All installations running versions 2.1.0 to 2.1.17, inclusive, are vulnerable. IBM recommends applying the fixed release IBM Planning Analytics Local 2.1.18 (or later) from Fix Central; the cloud environment has already been remediated.

Risk and Exploitability

The CVSS score of 6.5 indicates a medium severity vulnerability. The EPSS value of less than 1% suggests exploitation is unlikely but not impossible, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector likely requires either unauthenticated or very low‑privilege authenticated access to the application, as the root cause is improper access controls. No public exploit is documented in the provided references.

Generated by OpenCVE AI on March 19, 2026 at 15:32 UTC.

Remediation

Vendor Solution

Remediation/Fixes It is strongly recommended that you apply the most recent security updates: Affected Product(s) Version(s) Fix IBM Planning Analytics Local 2.1.0 - 2.1.17 IBM Planning Analytics Local 2.1.18 is now available for download from Fix Central IBM Planning Analytics Cloud environment has been remediated.

OpenCVE Recommended Actions

  • Apply IBM Planning Analytics Local 2.1.18 or later from Fix Central.
  • Verify the patch installation and restart relevant services.
  • Restrict administrative rights on user accounts that access the Planning Analytics Local instance.
  • Monitor access logs for suspicious or abnormal activity.
  • Notify end‑users of potential exposure and encourage the use of strong authentication practices.

Generated by OpenCVE AI on March 19, 2026 at 15:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:ibm:planning_analytics_local:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Wed, 18 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 17 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Description IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls.
Title IBM Planning Analytics Information Disclosure
First Time appeared Ibm
Ibm planning Analytics Local
Weaknesses CWE-200
CPEs cpe:2.3:a:ibm:planning_analytics_local:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:planning_analytics_local:2.1.17:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm planning Analytics Local
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Ibm Planning Analytics Local
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-18T14:57:13.447Z

Reserved: 2026-01-20T21:31:01.796Z

Link: CVE-2026-1267

cve-icon Vulnrichment

Updated: 2026-03-18T14:57:08.392Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-17T22:16:14.120

Modified: 2026-03-19T14:42:50.190

Link: CVE-2026-1267

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:54:31Z

Weaknesses