CVE-2025-36299
📋 TL;DR
IBM Planning Analytics Local versions 2.1.0 through 2.1.14 store sensitive information in source code, potentially exposing credentials or configuration data. This information disclosure vulnerability could enable attackers to gather intelligence for further attacks against the system. Organizations running affected versions of IBM Planning Analytics Local are impacted.
💻 Affected Systems
- IBM Planning Analytics Local
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain administrative credentials or API keys from source code, leading to full system compromise, data exfiltration, or lateral movement within the network.
Likely Case
Attackers discover configuration details or limited credentials that enable privilege escalation or facilitate other attack vectors against the Planning Analytics environment.
If Mitigated
With proper access controls and network segmentation, the exposed information provides limited value to attackers who cannot reach other system components.
🎯 Exploit Status
Exploitation requires access to source code files, which typically requires some level of system access. The advisory doesn't specify whether authentication is required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.15 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7251265
Restart Required: Yes
Instructions:
1. Download IBM Planning Analytics Local version 2.1.15 or later from IBM Fix Central.
2. Back up the current configuration and data.
3. Install the updated version following IBM's installation guide.
4. Restart the Planning Analytics services.
🔧 Temporary Workarounds
Restrict Source Code Access (Linux)
Apply strict file system permissions to limit access to Planning Analytics source code directories:
chmod 750 /path/to/planning-analytics-source
chown root:planninggroup /path/to/planning-analytics-source
Network Segmentation (all platforms)
Isolate Planning Analytics servers from untrusted networks and limit access to authorized users only.
🧯 If You Can't Patch
- Implement strict access controls to Planning Analytics source directories
- Monitor for unusual access patterns to Planning Analytics files and directories
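The permission workaround above is only useful if it stays in place, so it is worth auditing rather than applying once. The following POSIX shell script is an added example (not from the IBM advisory or from IBM): it checks that a directory has a mode of 750 or stricter (nothing for "other", no group write) and the expected group owner. The directory path and group name are placeholders taken from the workaround; `stat -c` is the GNU/Linux form.

```shell
#!/bin/sh
# Added example, not IBM's own tooling. PA_SOURCE_DIR and PA_GROUP are
# placeholders mirroring the workaround; override them via the environment.
PA_SOURCE_DIR="${PA_SOURCE_DIR:-/path/to/planning-analytics-source}"
PA_GROUP="${PA_GROUP:-planninggroup}"

# Return 0 if an octal mode string (e.g. "750" or "0750") grants nothing to
# "other" and no write bit to "group"; return 1 otherwise.
pa_mode_is_restrictive() {
    mode="$1"
    # Drop a leading setuid/setgid/sticky digit if four digits were given.
    case "$mode" in
        [0-7][0-7][0-7][0-7]) mode="${mode#?}" ;;
    esac
    case "$mode" in
        [0-7][0-7][0-7]) ;;
        *) return 1 ;;
    esac
    group_digit=$(printf '%s' "$mode" | cut -c2)
    other_digit=$(printf '%s' "$mode" | cut -c3)
    [ "$other_digit" = "0" ] || return 1
    # Group digits with the write bit (2) set: 2, 3, 6, 7.
    case "$group_digit" in
        2|3|6|7) return 1 ;;
    esac
    return 0
}

# Audit one directory: report weak mode or wrong group owner.
# Returns 0 when both checks pass, 1 on a finding, 2 if the path is missing.
# Uses GNU stat (-c); BSD/macOS stat needs -f instead.
pa_audit_source_dir() {
    dir="$1"
    group="$2"
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    mode=$(stat -c '%a' "$dir")
    owner_group=$(stat -c '%G' "$dir")
    rc=0
    if ! pa_mode_is_restrictive "$mode"; then
        echo "WEAK mode $mode on $dir (expected 750 or stricter)"
        rc=1
    fi
    if [ "$owner_group" != "$group" ]; then
        echo "WRONG group $owner_group on $dir (expected $group)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $dir mode=$mode group=$owner_group"
    return "$rc"
}

# Run the audit when invoked directly (skipped when sourced by a harness).
if [ "${PA_AUDIT_RUN:-0}" = "1" ]; then
    pa_audit_source_dir "$PA_SOURCE_DIR" "$PA_GROUP"
fi
```

Run it from cron or a configuration-management check with `PA_AUDIT_RUN=1 PA_SOURCE_DIR=/real/path sh audit.sh`; a non-zero exit is the signal that the workaround has drifted.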
🔍 How to Verify
Check if Vulnerable:
Check the IBM Planning Analytics Local version via the administrative console or configuration files. Versions 2.1.0 through 2.1.14 are vulnerable.
Check Version:
Check the version in the Planning Analytics administrative console or review the version files in the installation directory.
Verify Fix Applied:
Verify installation of version 2.1.15 or later through the administrative interface or version configuration files.
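Comparing a dotted version string against the affected range by eye is error-prone across a fleet, so here is an added POSIX shell example (not from the advisory or from IBM) that decides whether a version falls within 2.1.0 through 2.1.14. The helper that pulls a version out of a file simply extracts the first `x.y.z` pattern; the actual layout of Planning Analytics version files is an assumption, so point it at whatever file your installation uses.

```shell
#!/bin/sh
# Added example, not IBM's own tooling.

# Return 0 when VERSION (e.g. "2.1.12") lies in the affected range
# 2.1.0 .. 2.1.14; return 1 for anything else, including malformed input.
pa_version_affected() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    [ "$#" -ge 3 ] || return 1
    major=$1; minor=$2; patch=$3
    if [ "$major" -eq 2 ] && [ "$minor" -eq 1 ] && [ "$patch" -le 14 ]; then
        return 0
    fi
    return 1
}

# Extract the first x.y.z token from a file. The file format is assumed;
# adjust the pattern if your version file uses a different shape.
pa_version_from_file() {
    grep -oE '[0-9]+\.[0-9]+\.[0-9]+' "$1" | head -n 1
}

# Report on a version file: prints AFFECTED / NOT AFFECTED / UNKNOWN.
pa_report_version_file() {
    v=$(pa_version_from_file "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN (no version found in $1)"
        return 2
    fi
    if pa_version_affected "$v"; then
        echo "AFFECTED: $v is within 2.1.0-2.1.14, upgrade to 2.1.15 or later"
        return 1
    fi
    echo "NOT AFFECTED: $v"
    return 0
}

# Usage when run directly: PA_VERSION_FILE=/path/to/version.file sh check.sh
if [ -n "${PA_VERSION_FILE:-}" ]; then
    pa_report_version_file "$PA_VERSION_FILE"
fi
```

The exit code (1 for affected, 0 for fixed, 2 for unknown) makes the script usable as a compliance probe from inventory tooling.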
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns to Planning Analytics source directories
- Multiple failed authentication attempts followed by source code access
Network Indicators:
- Unexpected connections to Planning Analytics servers from unauthorized IP addresses
SIEM Query:
source="planning-analytics-logs" AND (event="file_access" AND path="*source*" AND user!="authorized_user")