IBM Planning Analytics Local

MEDIUM (4.3) No Patch (5 days)
cwe-209ibmlocalmvdplanning-analyticsserver-architecture-disclosure

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 6%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

IBM Planning Analytics is a business analytics and reporting platform used by organizations to analyze and visualize data. This vulnerability allows attackers to access sensitive information about the server architecture, which could aid in further attacks against the system.

Am I affected?

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Packages

maven: org.ibm.planninganalytics.local

Affected Products

IBM / Planning Analytics Local

How to fix

  1. Upgrade to IBM Planning Analytics Local 2.1.16 or later from the IBM Support website: https://www.ibm.com/support/pages/node/7253603
  2. Immediate mitigations:
  3. Restrict access to sensitive information by configuring server security settings.
  4. Monitor system logs for suspicious activity.

References